[3.3] postgresql: Security issues (CVE-2015-5288, CVE-2015-5289)
Two security issues have been fixed in this release which affect users of specific PostgreSQL features:
Unchecked JSON input can crash the server (CVE-2015-5289)
json or jsonb input values constructed from arbitrary user input can
crash the PostgreSQL server and cause a denial of service.
Memory leak in crypt() function (CVE-2015-5288)
The crypt() function included with the optional pgCrypto extension could
be exploited to read a few additional bytes of memory. No working exploit
for this issue has been developed.
Affected versions: 9.4, 9.3, 9.2, 9.1, 9.0
Fixed in: 9.4.5, 9.3.10, 9.2.14, 9.1.19, 9.0.23
(from redmine: issue id 4780, created on 2015-10-20, closed on 2015-12-02)
- parent #4779 (closed)