Executive Summary
Summary | |
---|---|
Title | PostgreSQL vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-2894-1 | First vendor Publication | 2016-02-11 |
Vendor | Ubuntu | Last vendor Modification | 2016-02-11 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 8 | Authentication | Requires single instance |
Detail
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary: PostgreSQL could be made to crash or run programs if it handled specially crafted data.

Software Description:

- postgresql-9.4: Object-relational SQL database
- postgresql-9.3: Object-relational SQL database
- postgresql-9.1: Object-relational SQL database

Details:

It was discovered that PostgreSQL incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2016-0773)

It was discovered that PostgreSQL incorrectly handled certain configuration settings (GUCS) for users of PL/Java. A remote attacker could possibly use this issue to escalate privileges. (CVE-2016-0766)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10:
Ubuntu 14.04 LTS:
Ubuntu 12.04 LTS:

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes.

References:
Package Information:
Original Source
Url : http://www.ubuntu.com/usn/USN-2894-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-05-01 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2016-1001.nasl - Type : ACT_GATHER_INFO |
2017-01-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201701-33.nasl - Type : ACT_GATHER_INFO |
2016-05-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-1060.nasl - Type : ACT_GATHER_INFO |
2016-04-22 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2016-689.nasl - Type : ACT_GATHER_INFO |
2016-03-11 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2016-662.nasl - Type : ACT_GATHER_INFO |
2016-03-08 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0677-1.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2016-e0a6c9ebc4.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2016-b0c2412ab2.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-0347.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20160302_postgresql_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20160302_postgresql_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0347.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0346.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-0346.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-0347.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-0346.nasl - Type : ACT_GATHER_INFO |
2016-02-26 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-271.nasl - Type : ACT_GATHER_INFO |
2016-02-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-432.nasl - Type : ACT_GATHER_INFO |
2016-02-25 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0555-1.nasl - Type : ACT_GATHER_INFO |
2016-02-24 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-253.nasl - Type : ACT_GATHER_INFO |
2016-02-23 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0539-1.nasl - Type : ACT_GATHER_INFO |
2016-02-17 | Name : The remote database server is affected by multiple vulnerabilities. File : postgresql_20160215.nasl - Type : ACT_GATHER_INFO |
2016-02-15 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e8b6605bd29f11e584586cc21735f730.nasl - Type : ACT_GATHER_INFO |
2016-02-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3476.nasl - Type : ACT_GATHER_INFO |
2016-02-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3475.nasl - Type : ACT_GATHER_INFO |
2016-02-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2894-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2016-03-11 00:29:12 | |
2016-03-10 05:28:31 | |
2016-03-09 21:29:24 | |
2016-02-17 21:30:41 | |
2016-02-13 13:27:47 | |
2016-02-11 21:29:33 | |
2016-02-11 21:24:14 | |