Amazon Linux 1 Security Advisory: ALAS-2015-485
Advisory Release Date: 2015-02-25 20:34 Pacific
Advisory Updated Date: 2015-02-25 20:36 Pacific
A stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2015-0243)
A flaw was found in the way PostgreSQL handled certain errors that were generated during protocol synchronization. An authenticated database user could use this flaw to inject queries into an existing connection. (CVE-2015-0244)
Affected Packages:
postgresql93
Issue Correction:
Run yum update postgresql93 to update your system.
i686:
postgresql93-libs-9.3.6-1.56.amzn1.i686
postgresql93-server-9.3.6-1.56.amzn1.i686
postgresql93-plperl-9.3.6-1.56.amzn1.i686
postgresql93-plpython-9.3.6-1.56.amzn1.i686
postgresql93-test-9.3.6-1.56.amzn1.i686
postgresql93-devel-9.3.6-1.56.amzn1.i686
postgresql93-pltcl-9.3.6-1.56.amzn1.i686
postgresql93-9.3.6-1.56.amzn1.i686
postgresql93-debuginfo-9.3.6-1.56.amzn1.i686
postgresql93-docs-9.3.6-1.56.amzn1.i686
postgresql93-contrib-9.3.6-1.56.amzn1.i686
src:
postgresql93-9.3.6-1.56.amzn1.src
x86_64:
postgresql93-docs-9.3.6-1.56.amzn1.x86_64
postgresql93-server-9.3.6-1.56.amzn1.x86_64
postgresql93-pltcl-9.3.6-1.56.amzn1.x86_64
postgresql93-9.3.6-1.56.amzn1.x86_64
postgresql93-contrib-9.3.6-1.56.amzn1.x86_64
postgresql93-plperl-9.3.6-1.56.amzn1.x86_64
postgresql93-plpython-9.3.6-1.56.amzn1.x86_64
postgresql93-test-9.3.6-1.56.amzn1.x86_64
postgresql93-libs-9.3.6-1.56.amzn1.x86_64
postgresql93-debuginfo-9.3.6-1.56.amzn1.x86_64
postgresql93-devel-9.3.6-1.56.amzn1.x86_64
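To confirm that the update under Issue Correction took effect, the following added example (not part of the original advisory) flags any installed postgresql93 package older than the fixed version 9.3.6-1.56.amzn1 listed above. The function names and the sample inventory are constructed for illustration, and the comparison assumes no epoch and no '~' or '^' in the version strings.

```python
import re

# Fixed version and release taken from the package list in this advisory.
FIXED = ("9.3.6", "1.56.amzn1")

def rpmvercmp(a, b):
    """Compare two RPM version or release strings; return -1, 0 or 1.
    Uses rpm's segment rules (digit runs vs. letter runs); '~'/'^' omitted."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)      # compare numerically, so 10 > 6
        elif x.isdigit():
            return 1                   # numeric segment beats alphabetic
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def unpatched(rpm_output):
    r"""Return postgresql93* packages older than FIXED. Input lines come from:
    rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n' 'postgresql93*'"""
    stale = []
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].startswith("postgresql93"):
            continue
        name, ver, rel, arch = parts
        # Assumption: epoch is unset, so version then release decides.
        cmp = rpmvercmp(ver, FIXED[0]) or rpmvercmp(rel, FIXED[1])
        if cmp < 0:
            stale.append(f"{name}-{ver}-{rel}.{arch}")
    return stale

# Constructed sample inventory (not taken from a real host).
SAMPLE = """\
postgresql93 9.3.6 1.56.amzn1 x86_64
postgresql93-libs 9.3.5 1.52.amzn1 x86_64
postgresql93-server 9.3.6 1.55.amzn1 x86_64
postgresql93-contrib 9.3.10 1.60.amzn1 x86_64
bash 4.2.46 28.37.amzn1 x86_64
"""

if __name__ == "__main__":
    for pkg in unpatched(SAMPLE):
        print("needs update:", pkg)
```

A server process started before the update keeps running the old binaries until PostgreSQL is restarted, so an empty result here does not by itself mean the running instance is patched.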