USN-2894-1: PostgreSQL vulnerabilities
11 February 2016
PostgreSQL could be made to crash or run programs if it handled specially crafted data.
Releases
Packages
- postgresql-9.1 - Object-relational SQL database
- postgresql-9.3 - Object-relational SQL database
- postgresql-9.4 - Object-relational SQL database
Details
It was discovered that PostgreSQL incorrectly handled certain regular
expressions. A remote attacker could possibly use this issue to cause
PostgreSQL to crash, resulting in a denial of service. (CVE-2016-0773)
It was discovered that PostgreSQL incorrectly handled certain configuration
settings (GUCs) for users of PL/Java. A remote attacker could possibly use
this issue to escalate privileges. (CVE-2016-0766)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10
Ubuntu 14.04
Ubuntu 12.04
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.