MEDIUM4.3
Уязвимость системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PСсылки
ALT-PU-2015-2851-1Обновление пакета postgresql9.4 в ветке sisyphus
Серьёзность:
Закрытые проблемы (6)
MEDIUM4.3
Уязвимость операционной системы Ubuntu, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PСсылки
MEDIUM4.3
Уязвимость операционной системы Debian GNU\Linux, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PСсылки
MEDIUM4.3
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PСсылки
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
- http://rhn.redhat.com/errata/RHSA-2015-1194.html
- http://rhn.redhat.com/errata/RHSA-2015-1195.html
- http://rhn.redhat.com/errata/RHSA-2015-1196.html
- http://www.debian.org/security/2015/dsa-3269
- http://www.debian.org/security/2015/dsa-3270
- http://www.postgresql.org/about/news/1587/
- http://www.postgresql.org/docs/9.0/static/release-9-0-20.html
- http://www.postgresql.org/docs/9.1/static/release-9-1-16.html
- http://www.postgresql.org/docs/9.2/static/release-9-2-11.html
- http://www.postgresql.org/docs/9.3/static/release-9-3-7.html
- http://www.postgresql.org/docs/9.4/static/release-9-4-2.html
- http://www.securityfocus.com/bid/74787
- http://www.ubuntu.com/usn/USN-2621-1
- https://security.gentoo.org/glsa/201507-20
- https://support.apple.com/HT205219
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
- http://rhn.redhat.com/errata/RHSA-2015-1194.html
- http://rhn.redhat.com/errata/RHSA-2015-1195.html
- http://rhn.redhat.com/errata/RHSA-2015-1196.html
- http://www.debian.org/security/2015/dsa-3269
- http://www.debian.org/security/2015/dsa-3270
- http://www.postgresql.org/about/news/1587/
- http://www.postgresql.org/docs/9.0/static/release-9-0-20.html
- http://www.postgresql.org/docs/9.1/static/release-9-1-16.html
- http://www.postgresql.org/docs/9.2/static/release-9-2-11.html
- http://www.postgresql.org/docs/9.3/static/release-9-3-7.html
- http://www.postgresql.org/docs/9.4/static/release-9-4-2.html
- http://www.securityfocus.com/bid/74787
- http://www.ubuntu.com/usn/USN-2621-1
- https://security.gentoo.org/glsa/201507-20
- https://support.apple.com/HT205219
CRITICAL9.8
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
CVSS 2.0ВЫСОКАЯ 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xКРИТИЧЕСКАЯ 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HСсылки
- http://ubuntu.com/usn/usn-2621-1
- http://www.debian.org/security/2015/dsa-3269
- http://www.debian.org/security/2015/dsa-3270
- http://www.postgresql.org/about/news/1587/
- http://www.postgresql.org/docs/9.0/static/release-9-0-20.html
- http://www.postgresql.org/docs/9.1/static/release-9-1-16.html
- http://www.postgresql.org/docs/9.2/static/release-9-2-11.html
- http://www.postgresql.org/docs/9.3/static/release-9-3-7.html
- http://www.postgresql.org/docs/9.4/static/release-9-4-2.html
- http://ubuntu.com/usn/usn-2621-1
- http://www.debian.org/security/2015/dsa-3269
- http://www.debian.org/security/2015/dsa-3270
- http://www.postgresql.org/about/news/1587/
- http://www.postgresql.org/docs/9.0/static/release-9-0-20.html
- http://www.postgresql.org/docs/9.1/static/release-9-1-16.html
- http://www.postgresql.org/docs/9.2/static/release-9-2-11.html
- http://www.postgresql.org/docs/9.3/static/release-9-3-7.html
- http://www.postgresql.org/docs/9.4/static/release-9-4-2.html
HIGH7.5
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NСсылки
- http://ubuntu.com/usn/usn-2621-1
- http://www.debian.org/security/2015/dsa-3269
- http://www.debian.org/security/2015/dsa-3270
- http://www.postgresql.org/about/news/1587/
- http://www.postgresql.org/docs/9.0/static/release-9-0-20.html
- http://www.postgresql.org/docs/9.1/static/release-9-1-16.html
- http://www.postgresql.org/docs/9.2/static/release-9-2-11.html
- http://www.postgresql.org/docs/9.3/static/release-9-3-7.html
- http://www.postgresql.org/docs/9.4/static/release-9-4-2.html
- http://ubuntu.com/usn/usn-2621-1
- http://www.debian.org/security/2015/dsa-3269
- http://www.debian.org/security/2015/dsa-3270
- http://www.postgresql.org/about/news/1587/
- http://www.postgresql.org/docs/9.0/static/release-9-0-20.html
- http://www.postgresql.org/docs/9.1/static/release-9-1-16.html
- http://www.postgresql.org/docs/9.2/static/release-9-2-11.html
- http://www.postgresql.org/docs/9.3/static/release-9-3-7.html
- http://www.postgresql.org/docs/9.4/static/release-9-4-2.html