PostgreSQL 'pgcrypto' Module Buffer Overflow Vulnerability (CVE-2015-0243)
Release date:
Updated on:
Affected Systems:
PostgreSQL 9.4
PostgreSQL 9.1
PostgreSQL 8.4
Description:
Bugtraq id: 72542
CVE (CAN) ID: CVE-2015-0243
PostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard.
The pgcrypto functions in PostgreSQL 8.4, 9.1, and 9.4 do not correctly perform boundary checks, which results in a buffer overflow vulnerability. Authenticated remote attackers can exploit this vulnerability to execute arbitrary code on the affected system or cause a denial of service (DoS).
<* Source: Noah Misch
Marko Tiikkaja
Link: http://xforce.iss.net/xforce/xfdb/100779
*>
Suggestion:
Vendor patch:
PostgreSQL
----------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.postgresql.org/docs/9.4/static/release-9-4-1.html
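To see which databases actually have pgcrypto installed and whether the server is still below the 9.4.1 release linked above, a query like the following can be run in each database. It is an added example, not part of the original advisory or the vendor's material. It assumes PostgreSQL 9.1 or later, where modules are recorded in pg_extension, and it only evaluates the 9.4 branch because 9.4.1 is the only fixed release this page names.

```sql
-- Added example: per-database pgcrypto exposure check for CVE-2015-0243.
-- Assumption: PostgreSQL 9.1+ (pg_extension does not exist in 8.4).
-- server_version_num encodes 9.4.0 as 90400 and 9.4.1 as 90401.
SELECT current_database()                  AS database,
       e.extversion                        AS pgcrypto_version,
       n.nspname                           AS installed_in_schema,
       current_setting('server_version')   AS server_version,
       CASE
         WHEN current_setting('server_version_num')::int = 90400
           THEN 'affected: 9.4 branch below 9.4.1, apply the vendor update'
         WHEN current_setting('server_version_num')::int BETWEEN 90401 AND 90499
           THEN '9.4 branch at or above the 9.4.1 release'
         ELSE 'other branch: look up the fixed minor release in the vendor release notes'
       END                                 AS status
FROM pg_extension e
JOIN pg_namespace n ON n.oid = e.extnamespace
WHERE e.extname = 'pgcrypto';
```

An empty result means pgcrypto is not installed as an extension in the current database; the module is installed per database, so the query has to be repeated in each one.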