From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4028-1
[email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 09, 2017
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : postgresql-9.6
CVE ID : CVE-2017-15098 CVE-2017-15099
Several vulnerabilities have been found in the PostgreSQL database system:
CVE-2017-15098
Denial of service and potential memory disclosure in the
json_populate_recordset() and jsonb_populate_recordset() functions
CVE-2017-15099
Insufficient permissions checks in "INSERT ... ON CONFLICT DO UPDATE"
statements.
For the stable distribution (stretch), these problems have been fixed in version 9.6.6-0+deb9u1.
We recommend that you upgrade your postgresql-9.6 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
[email protected]
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAloEyhkACgkQEMKTtsN8 TjZUXBAAsMxeyYPoaLqEnt31LCiRyj6k6/1JzbFrSAjDB6FdxVpgeO/29SeLpzff AxrrzulT7OwdJ7DLCNbByhA2a3lY0FKAregRXrbao4fw7DuUSVUnkZ/6kvV3CFUq VeM/IIb06438GelxuyljkgefRFoe22w1ZsYxVSCLgUicTuraU7oHSE9L+cXRGHNh +yvL9augnnD8uJxmtv5P/MCiX5SBFoS+krU29bdvRrVjCMkR8CfhVwYoUd05DBtW f+gkPp8C9kLJq6VqbcAG9rRFmYtGL/74Q9M98s+hoco1c0CtNXpYDMmqCHtDPCYC 10m0joxZsD3sxyYTgftATZ4lrRRN0jF/fmGpqY+//QppJTr9hkQlEysKS8e6ckAa jRiI/oyjwlo9C4B3sTza2vxwx2odoqtIqYj55JdH/YaXoraw6xafSBpF94iGjr0H UarIPZDJWc78Uz+gbp5AB3Hh1+Hi/cCR+KjrRUc187AplTRcE4P1b8fc9HES+hWZ Gc9eRl7xe3qLRR+18iM9AKkAIXpXrjvLdEq1OIS0TszSK/LkqXVMoRgJS4sLmIkE b85xESzzHrIFpOvy2+eeZqyOJZSd7zeueIrxB91xWTH4JgnQQ5Bo0eg75JAQx7QT TcoK75HfhGAp6fwiDOSmuYyszqMngQhxPp4eovlfDPeJTeaASE8=
=O8DQ
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)