csaf_redhat - rhsa-2015

rhsa-2015_0856

Vulnerability from csaf_redhat

Published

2015-04-20 09:46

Modified

2024-09-13 09:22

Summary

Red Hat Security Advisory: postgresql92-postgresql security update

Notes

Topic

Updated postgresql packages that fix multiple security issues are now available for Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

PostgreSQL is an advanced object-relational database management system (DBMS). An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the query was executed. (CVE-2014-8161) A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2015-0241) A stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2015-0243) A flaw was found in the way PostgreSQL handled certain errors that were generated during protocol synchronization. An authenticated database user could use this flaw to inject queries into an existing connection. (CVE-2015-0244) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Stephen Frost as the original reporter of CVE-2014-8161; Andres Freund, Peter Geoghegan, Bernd Helmle, and Noah Misch as the original reporters of CVE-2015-0241; Marko Tiikkaja as the original reporter of CVE-2015-0243; and Emil Lenngren as the original reporter of CVE-2015-0244. All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated postgresql packages that fix multiple security issues are now\navailable for Red Hat Satellite 5.7.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "PostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nAn information leak flaw was found in the way the PostgreSQL database\nserver handled certain error messages. An authenticated database user could\npossibly obtain the results of a query they did not have privileges to\nexecute by observing the constraint violation error messages produced when\nthe query was executed. (CVE-2014-8161)\n\nA buffer overflow flaw was found in the way PostgreSQL handled certain\nnumeric formatting. An authenticated database user could use a specially\ncrafted timestamp formatting template to cause PostgreSQL to crash or,\nunder certain conditions, execute arbitrary code with the permissions of\nthe user running PostgreSQL. (CVE-2015-0241)\n\nA stack-buffer overflow flaw was found in PostgreSQL\u0027s pgcrypto module.\nAn authenticated database user could use this flaw to cause PostgreSQL to\ncrash or, potentially, execute arbitrary code with the permissions of the\nuser running PostgreSQL. (CVE-2015-0243)\n\nA flaw was found in the way PostgreSQL handled certain errors that were\ngenerated during protocol synchronization. An authenticated database user\ncould use this flaw to inject queries into an existing connection.\n(CVE-2015-0244)\n\nRed Hat would like to thank the PostgreSQL project for reporting these\nissues. Upstream acknowledges Stephen Frost as the original reporter of\nCVE-2014-8161; Andres Freund, Peter Geoghegan, Bernd Helmle, and Noah Misch\nas the original reporters of CVE-2015-0241; Marko Tiikkaja as the original\nreporter of CVE-2015-0243; and Emil Lenngren as the original reporter of\nCVE-2015-0244.\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. If the postgresql\nservice is running, it will be automatically restarted after installing\nthis update.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2015:0856",
        "url": "https://access.redhat.com/errata/RHSA-2015:0856"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1182043",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182043"
      },
      {
        "category": "external",
        "summary": "1188684",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1188684"
      },
      {
        "category": "external",
        "summary": "1188689",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1188689"
      },
      {
        "category": "external",
        "summary": "1188694",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1188694"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2015/rhsa-2015_0856.json"
      }
    ],
    "title": "Red Hat Security Advisory: postgresql92-postgresql security update",
    "tracking": {
      "current_release_date": "2024-09-13T09:22:11+00:00",
      "generator": {
        "date": "2024-09-13T09:22:11+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2015:0856",
      "initial_release_date": "2015-04-20T09:46:03+00:00",
      "revision_history": [
        {
          "date": "2015-04-20T09:46:03+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2015-04-20T09:46:03+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-13T09:22:11+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Satellite 5.7 (RHEL v.6)",
                "product": {
                  "name": "Red Hat Satellite 5.7 (RHEL v.6)",
                  "product_id": "6Server-Satellite57",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:5.7::el6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Satellite Managed DB 5.7 (RHEL v.6)",
                "product": {
                  "name": "Red Hat Satellite Managed DB 5.7 (RHEL v.6)",
                  "product_id": "6Server-ManagedDB57",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite_managed_db:5.7::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Satellite"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64",
                  "product_id": "postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-upgrade@9.2.10-2.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
                  "product_id": "postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-pltcl@9.2.10-2.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
                  "product_id": "postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-server@9.2.10-2.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
                  "product_id": "postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-debuginfo@9.2.10-2.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
                  "product_id": "postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql@9.2.10-2.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
                  "product_id": "postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-libs@9.2.10-2.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
                  "product_id": "postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-contrib@9.2.10-2.el6?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-0:9.2.10-2.el6.s390x",
                "product": {
                  "name": "postgresql92-postgresql-0:9.2.10-2.el6.s390x",
                  "product_id": "postgresql92-postgresql-0:9.2.10-2.el6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql@9.2.10-2.el6?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
                "product": {
                  "name": "postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
                  "product_id": "postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-pltcl@9.2.10-2.el6?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
                "product": {
                  "name": "postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
                  "product_id": "postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-debuginfo@9.2.10-2.el6?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
                "product": {
                  "name": "postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
                  "product_id": "postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-libs@9.2.10-2.el6?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
                "product": {
                  "name": "postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
                  "product_id": "postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-server@9.2.10-2.el6?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
                "product": {
                  "name": "postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
                  "product_id": "postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-upgrade@9.2.10-2.el6?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
                "product": {
                  "name": "postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
                  "product_id": "postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-contrib@9.2.10-2.el6?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-0:9.2.10-2.el6.src",
                "product": {
                  "name": "postgresql92-postgresql-0:9.2.10-2.el6.src",
                  "product_id": "postgresql92-postgresql-0:9.2.10-2.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql@9.2.10-2.el6?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-0:9.2.10-2.el6.s390x as a component of Red Hat Satellite Managed DB 5.7 (RHEL v.6)",
          "product_id": "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.s390x"
        },
        "product_reference": "postgresql92-postgresql-0:9.2.10-2.el6.s390x",
        "relates_to_product_reference": "6Server-ManagedDB57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-0:9.2.10-2.el6.src as a component of Red Hat Satellite Managed DB 5.7 (RHEL v.6)",
          "product_id": "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.src"
        },
        "product_reference": "postgresql92-postgresql-0:9.2.10-2.el6.src",
        "relates_to_product_reference": "6Server-ManagedDB57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-0:9.2.10-2.el6.x86_64 as a component of Red Hat Satellite Managed DB 5.7 (RHEL v.6)",
          "product_id": "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
        "relates_to_product_reference": "6Server-ManagedDB57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x as a component of Red Hat Satellite Managed DB 5.7 (RHEL v.6)",
          "product_id": "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x"
        },
        "product_reference": "postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
        "relates_to_product_reference": "6Server-ManagedDB57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64 as a component of Red Hat Satellite Managed DB 5.7 (RHEL v.6)",
          "product_id": "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
        "relates_to_product_reference": "6Server-ManagedDB57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x as a component of Red Hat Satellite Managed DB 5.7 (RHEL v.6)",
          "product_id": "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x"
        },
        "product_reference": "postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
        "relates_to_product_reference": "6Server-ManagedDB57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64 as a component of Red Hat Satellite Managed DB 5.7 (RHEL v.6)",
          "product_id": "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
        "relates_to_product_reference": "6Server-ManagedDB57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x as a component of Red Hat Satellite Managed DB 5.7 (RHEL v.6)",
          "product_id": "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x"
        },
        "product_reference": "postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
        "relates_to_product_reference": "6Server-ManagedDB57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64 as a component of Red Hat Satellite Managed DB 5.7 (RHEL v.6)",
          "product_id": "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
        "relates_to_product_reference": "6Server-ManagedDB57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x as a component of Red Hat Satellite Managed DB 5.7 (RHEL v.6)",
          "product_id": "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x"
        },
        "product_reference": "postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
        "relates_to_product_reference": "6Server-ManagedDB57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64 as a component of Red Hat Satellite Managed DB 5.7 (RHEL v.6)",
          "product_id": "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
        "relates_to_product_reference": "6Server-ManagedDB57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-server-0:9.2.10-2.el6.s390x as a component of Red Hat Satellite Managed DB 5.7 (RHEL v.6)",
          "product_id": "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x"
        },
        "product_reference": "postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
        "relates_to_product_reference": "6Server-ManagedDB57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64 as a component of Red Hat Satellite Managed DB 5.7 (RHEL v.6)",
          "product_id": "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
        "relates_to_product_reference": "6Server-ManagedDB57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x as a component of Red Hat Satellite Managed DB 5.7 (RHEL v.6)",
          "product_id": "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x"
        },
        "product_reference": "postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
        "relates_to_product_reference": "6Server-ManagedDB57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64 as a component of Red Hat Satellite Managed DB 5.7 (RHEL v.6)",
          "product_id": "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64",
        "relates_to_product_reference": "6Server-ManagedDB57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-0:9.2.10-2.el6.s390x as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.s390x"
        },
        "product_reference": "postgresql92-postgresql-0:9.2.10-2.el6.s390x",
        "relates_to_product_reference": "6Server-Satellite57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-0:9.2.10-2.el6.src as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.src"
        },
        "product_reference": "postgresql92-postgresql-0:9.2.10-2.el6.src",
        "relates_to_product_reference": "6Server-Satellite57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-0:9.2.10-2.el6.x86_64 as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
        "relates_to_product_reference": "6Server-Satellite57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x"
        },
        "product_reference": "postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
        "relates_to_product_reference": "6Server-Satellite57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64 as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
        "relates_to_product_reference": "6Server-Satellite57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x"
        },
        "product_reference": "postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
        "relates_to_product_reference": "6Server-Satellite57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64 as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
        "relates_to_product_reference": "6Server-Satellite57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x"
        },
        "product_reference": "postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
        "relates_to_product_reference": "6Server-Satellite57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64 as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
        "relates_to_product_reference": "6Server-Satellite57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x"
        },
        "product_reference": "postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
        "relates_to_product_reference": "6Server-Satellite57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64 as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
        "relates_to_product_reference": "6Server-Satellite57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-server-0:9.2.10-2.el6.s390x as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x"
        },
        "product_reference": "postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
        "relates_to_product_reference": "6Server-Satellite57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64 as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
        "relates_to_product_reference": "6Server-Satellite57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x"
        },
        "product_reference": "postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
        "relates_to_product_reference": "6Server-Satellite57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64 as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64",
        "relates_to_product_reference": "6Server-Satellite57"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        },
        {
          "names": [
            "Stephen Frost"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-8161",
      "cwe": {
        "id": "CWE-300",
        "name": "Channel Accessible by Non-Endpoint"
      },
      "discovery_date": "2015-01-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1182043"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An information leak flaw was found in the wathe PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the query was executed.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: information leak through constraint violation errors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.src",
          "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.src",
          "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-8161"
        },
        {
          "category": "external",
          "summary": "RHBZ#1182043",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182043"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-8161",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-8161"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-8161",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8161"
        },
        {
          "category": "external",
          "summary": "http://www.postgresql.org/about/news/1569/",
          "url": "http://www.postgresql.org/about/news/1569/"
        }
      ],
      "release_date": "2015-02-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.src",
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.src",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:0856"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.src",
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.src",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "postgresql: information leak through constraint violation errors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        }
      ],
      "cve": "CVE-2015-0241",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2015-01-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1188684"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: buffer overflow in the to_char() function",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.src",
          "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.src",
          "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-0241"
        },
        {
          "category": "external",
          "summary": "RHBZ#1188684",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1188684"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0241",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-0241"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0241",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0241"
        },
        {
          "category": "external",
          "summary": "http://www.postgresql.org/about/news/1569/",
          "url": "http://www.postgresql.org/about/news/1569/"
        }
      ],
      "release_date": "2015-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.src",
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.src",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:0856"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.src",
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.src",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "postgresql: buffer overflow in the to_char() function"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        },
        {
          "names": [
            "Marko Tiikkaja"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2015-0243",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2015-01-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1188689"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack-buffer overflow flaw was found in PostgreSQL\u0027s pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: buffer overflow flaws in contrib/pgcrypto",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.src",
          "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.src",
          "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-0243"
        },
        {
          "category": "external",
          "summary": "RHBZ#1188689",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1188689"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0243",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-0243"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0243",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0243"
        },
        {
          "category": "external",
          "summary": "http://www.postgresql.org/about/news/1569/",
          "url": "http://www.postgresql.org/about/news/1569/"
        }
      ],
      "release_date": "2015-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.src",
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.src",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:0856"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.src",
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.src",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "postgresql: buffer overflow flaws in contrib/pgcrypto"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        },
        {
          "names": [
            "Emil Lenngren"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2015-0244",
      "cwe": {
        "id": "CWE-300",
        "name": "Channel Accessible by Non-Endpoint"
      },
      "discovery_date": "2015-01-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1188694"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the way PostgreSQL handled certain errors that were generated during protocol synchronization. An authenticated database user could use this flaw to inject queries into an existing connection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: loss of frontend/backend protocol synchronization after an error",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.src",
          "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
          "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
          "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.src",
          "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
          "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
          "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-0244"
        },
        {
          "category": "external",
          "summary": "RHBZ#1188694",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1188694"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0244",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-0244"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0244",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0244"
        },
        {
          "category": "external",
          "summary": "http://www.postgresql.org/about/news/1569/",
          "url": "http://www.postgresql.org/about/news/1569/"
        }
      ],
      "release_date": "2015-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.src",
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.src",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:0856"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.src",
            "6Server-ManagedDB57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
            "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
            "6Server-ManagedDB57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.src",
            "6Server-Satellite57:postgresql92-postgresql-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-contrib-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-debuginfo-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-libs-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-pltcl-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-server-0:9.2.10-2.el6.x86_64",
            "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.s390x",
            "6Server-Satellite57:postgresql92-postgresql-upgrade-0:9.2.10-2.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "postgresql: loss of frontend/backend protocol synchronization after an error"
    }
  ]
}

cve-2015-0243

Vulnerability from cvelistv5

Published

2020-01-27 15:29

Modified

2024-08-06 04:03

Severity

Summary

Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

References

URL	Tags
http://www.postgresql.org/docs/9.4/static/release-9-4-1.html	x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-0-19.html	x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-1-15.html	x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-2-10.html	x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-3-6.html	x_refsource_CONFIRM
http://www.postgresql.org/about/news/1569/	x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3155	x_refsource_CONFIRM

Impacted products

Vendor	Product
PostgreSQL Global Development Group	PostgreSQL

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.702Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/about/news/1569/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3155"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PostgreSQL",
          "vendor": "PostgreSQL Global Development Group",
          "versions": [
            {
              "status": "affected",
              "version": "before 9.0.19"
            },
            {
              "status": "affected",
              "version": "9.1.x before 9.1.15"
            },
            {
              "status": "affected",
              "version": "9.2.x before 9.2.10"
            },
            {
              "status": "affected",
              "version": "9.3.x before 9.3.6"
            },
            {
              "status": "affected",
              "version": "9.4.x before 9.4.1"
            }
          ]
        }
      ],
      "datePublic": "2015-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-27T15:29:28",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/about/news/1569/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3155"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-0243",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PostgreSQL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 9.0.19"
                          },
                          {
                            "version_value": "9.1.x before 9.1.15"
                          },
                          {
                            "version_value": "9.2.x before 9.2.10"
                          },
                          {
                            "version_value": "9.3.x before 9.3.6"
                          },
                          {
                            "version_value": "9.4.x before 9.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PostgreSQL Global Development Group"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
            },
            {
              "name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
            },
            {
              "name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
            },
            {
              "name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
            },
            {
              "name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
            },
            {
              "name": "http://www.postgresql.org/about/news/1569/",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/about/news/1569/"
            },
            {
              "name": "http://www.debian.org/security/2015/dsa-3155",
              "refsource": "CONFIRM",
              "url": "http://www.debian.org/security/2015/dsa-3155"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0243",
    "datePublished": "2020-01-27T15:29:28",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0241

Vulnerability from cvelistv5

Published

2020-01-27 15:29

Modified

2024-08-06 04:03

Severity

Summary

The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.

References

URL	Tags
http://www.postgresql.org/docs/9.4/static/release-9-4-1.html	x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-0-19.html	x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-1-15.html	x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-2-10.html	x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-3-6.html	x_refsource_CONFIRM
http://www.postgresql.org/about/news/1569/	x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3155	x_refsource_CONFIRM

Impacted products

Vendor	Product
PostgreSQL Global Development Group	PostgreSQL

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.441Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/about/news/1569/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3155"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PostgreSQL",
          "vendor": "PostgreSQL Global Development Group",
          "versions": [
            {
              "status": "affected",
              "version": "before 9.0.19"
            },
            {
              "status": "affected",
              "version": "9.1.x before 9.1.15"
            },
            {
              "status": "affected",
              "version": "9.2.x before 9.2.10"
            },
            {
              "status": "affected",
              "version": "9.3.x before 9.3.6"
            },
            {
              "status": "affected",
              "version": "9.4.x before 9.4.1"
            }
          ]
        }
      ],
      "datePublic": "2015-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-27T15:29:37",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/about/news/1569/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3155"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-0241",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PostgreSQL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 9.0.19"
                          },
                          {
                            "version_value": "9.1.x before 9.1.15"
                          },
                          {
                            "version_value": "9.2.x before 9.2.10"
                          },
                          {
                            "version_value": "9.3.x before 9.3.6"
                          },
                          {
                            "version_value": "9.4.x before 9.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PostgreSQL Global Development Group"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
            },
            {
              "name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
            },
            {
              "name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
            },
            {
              "name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
            },
            {
              "name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
            },
            {
              "name": "http://www.postgresql.org/about/news/1569/",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/about/news/1569/"
            },
            {
              "name": "http://www.debian.org/security/2015/dsa-3155",
              "refsource": "CONFIRM",
              "url": "http://www.debian.org/security/2015/dsa-3155"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0241",
    "datePublished": "2020-01-27T15:29:37",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.441Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0244

Vulnerability from cvelistv5

Published

2020-01-27 15:29

Modified

2024-08-06 04:03

Severity

Summary

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.

References

URL	Tags
http://www.postgresql.org/docs/9.4/static/release-9-4-1.html	x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-0-19.html	x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-1-15.html	x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-2-10.html	x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-3-6.html	x_refsource_CONFIRM
http://www.postgresql.org/about/news/1569/	x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3155	x_refsource_CONFIRM

Impacted products

Vendor	Product
PostgreSQL Global Development Group	PostgreSQL

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.495Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/about/news/1569/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3155"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PostgreSQL",
          "vendor": "PostgreSQL Global Development Group",
          "versions": [
            {
              "status": "affected",
              "version": "before 9.0.19"
            },
            {
              "status": "affected",
              "version": "9.1.x before 9.1.15"
            },
            {
              "status": "affected",
              "version": "9.2.x before 9.2.10"
            },
            {
              "status": "affected",
              "version": "9.3.x before 9.3.6"
            },
            {
              "status": "affected",
              "version": "9.4.x before 9.4.1"
            }
          ]
        }
      ],
      "datePublic": "2015-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-27T15:29:25",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/about/news/1569/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3155"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-0244",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PostgreSQL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 9.0.19"
                          },
                          {
                            "version_value": "9.1.x before 9.1.15"
                          },
                          {
                            "version_value": "9.2.x before 9.2.10"
                          },
                          {
                            "version_value": "9.3.x before 9.3.6"
                          },
                          {
                            "version_value": "9.4.x before 9.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PostgreSQL Global Development Group"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
            },
            {
              "name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
            },
            {
              "name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
            },
            {
              "name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
            },
            {
              "name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
            },
            {
              "name": "http://www.postgresql.org/about/news/1569/",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/about/news/1569/"
            },
            {
              "name": "http://www.debian.org/security/2015/dsa-3155",
              "refsource": "CONFIRM",
              "url": "http://www.debian.org/security/2015/dsa-3155"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0244",
    "datePublished": "2020-01-27T15:29:25",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8161

Vulnerability from cvelistv5

Published

2020-01-27 15:29

Modified

2024-08-06 13:10

Severity

Summary

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.

References

URL	Tags
http://www.postgresql.org/docs/9.4/static/release-9-4-1.html	x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-0-19.html	x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-1-15.html	x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-2-10.html	x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-3-6.html	x_refsource_CONFIRM
http://www.postgresql.org/about/news/1569/	x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3155	x_refsource_CONFIRM

Impacted products

Vendor	Product
PostgreSQL Global Development Group	PostgreSQL

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:51.110Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/about/news/1569/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3155"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PostgreSQL",
          "vendor": "PostgreSQL Global Development Group",
          "versions": [
            {
              "status": "affected",
              "version": "before 9.0.19"
            },
            {
              "status": "affected",
              "version": "9.1.x before 9.1.15"
            },
            {
              "status": "affected",
              "version": "9.2.x before 9.2.10"
            },
            {
              "status": "affected",
              "version": "9.3.x before 9.3.6"
            },
            {
              "status": "affected",
              "version": "9.4.x before 9.4.1"
            }
          ]
        }
      ],
      "datePublic": "2015-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Path Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-27T15:29:21",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/about/news/1569/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3155"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-8161",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PostgreSQL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 9.0.19"
                          },
                          {
                            "version_value": "9.1.x before 9.1.15"
                          },
                          {
                            "version_value": "9.2.x before 9.2.10"
                          },
                          {
                            "version_value": "9.3.x before 9.3.6"
                          },
                          {
                            "version_value": "9.4.x before 9.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PostgreSQL Global Development Group"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Path Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
            },
            {
              "name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
            },
            {
              "name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
            },
            {
              "name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
            },
            {
              "name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
            },
            {
              "name": "http://www.postgresql.org/about/news/1569/",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/about/news/1569/"
            },
            {
              "name": "http://www.debian.org/security/2015/dsa-3155",
              "refsource": "CONFIRM",
              "url": "http://www.debian.org/security/2015/dsa-3155"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-8161",
    "datePublished": "2020-01-27T15:29:21",
    "dateReserved": "2014-10-10T00:00:00",
    "dateUpdated": "2024-08-06T13:10:51.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

rhsa-2015_0856

Vulnerability from csaf_redhat

cve-2015-0243

Vulnerability from cvelistv5

cve-2015-0241

Vulnerability from cvelistv5

cve-2015-0244

Vulnerability from cvelistv5

cve-2014-8161

Vulnerability from cvelistv5

Tags