Errata ID | 329 |
---|---|
Date | 2016-11-23 |
Source package | postgresql-9.1 |
Fixed in version | 9.1.24-0.12.201611161707 |
Description | Debian updated postgresql-9.1 to the new version 9.1.24, which addresses a couple of stability and security issues:<br>* Attackers may cause denial of service (server crash) or read arbitrary server memory via "too-short" crypt salts (CVE-2015-5288)<br>* Privilege escalation vulnerability for users of PL/Java (CVE-2016-0766)<br>* Denial of service and potential execution of arbitrary code due to buffer overrun in PL/Java regular expression processing (CVE-2016-0773)<br>* Possible mis-evaluation of nested CASE-WHEN expressions (CVE-2016-5423)<br>* Fix client programs' handling of special characters in database and role names (CVE-2016-5424)<br><br>For other changes, see:<br>* <https://www.postgresql.org/docs/9.1/static/release-9-1-17.html><br>* <https://www.postgresql.org/docs/9.1/static/release-9-1-18.html><br>* <https://www.postgresql.org/docs/9.1/static/release-9-1-19.html><br>* <https://www.postgresql.org/docs/9.1/static/release-9-1-20.html><br>* <https://www.postgresql.org/docs/9.1/static/release-9-1-21.html><br>* <https://www.postgresql.org/docs/9.1/static/release-9-1-22.html><br>* <https://www.postgresql.org/docs/9.1/static/release-9-1-23.html><br>* <https://www.postgresql.org/docs/9.1/static/release-9-1-24.html> |
Additional notes | |
CVE ID | CVE-2015-5288 CVE-2016-0766 CVE-2016-0773 CVE-2016-5423 CVE-2016-5424 |
UCS Bug number | #40717 |