ALAS-2015-485


Amazon Linux AMI Security Advisory: ALAS-2015-485
Advisory Release Date: 2015-02-25 20:36 Pacific
Severity: Medium

Issue Overview:

A stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2015-0243)

A flaw was found in the way PostgreSQL handled certain errors that were generated during protocol synchronization. An authenticated database user could use this flaw to inject queries into an existing connection. (CVE-2015-0244)


Affected Packages:

postgresql93


Issue Correction:
Run yum update postgresql93 to update your system.

New Packages:
i686:
    postgresql93-libs-9.3.6-1.56.amzn1.i686
    postgresql93-server-9.3.6-1.56.amzn1.i686
    postgresql93-plperl-9.3.6-1.56.amzn1.i686
    postgresql93-plpython-9.3.6-1.56.amzn1.i686
    postgresql93-test-9.3.6-1.56.amzn1.i686
    postgresql93-devel-9.3.6-1.56.amzn1.i686
    postgresql93-pltcl-9.3.6-1.56.amzn1.i686
    postgresql93-9.3.6-1.56.amzn1.i686
    postgresql93-debuginfo-9.3.6-1.56.amzn1.i686
    postgresql93-docs-9.3.6-1.56.amzn1.i686
    postgresql93-contrib-9.3.6-1.56.amzn1.i686

src:
    postgresql93-9.3.6-1.56.amzn1.src

x86_64:
    postgresql93-docs-9.3.6-1.56.amzn1.x86_64
    postgresql93-server-9.3.6-1.56.amzn1.x86_64
    postgresql93-pltcl-9.3.6-1.56.amzn1.x86_64
    postgresql93-9.3.6-1.56.amzn1.x86_64
    postgresql93-contrib-9.3.6-1.56.amzn1.x86_64
    postgresql93-plperl-9.3.6-1.56.amzn1.x86_64
    postgresql93-plpython-9.3.6-1.56.amzn1.x86_64
    postgresql93-test-9.3.6-1.56.amzn1.x86_64
    postgresql93-libs-9.3.6-1.56.amzn1.x86_64
    postgresql93-debuginfo-9.3.6-1.56.amzn1.x86_64
    postgresql93-devel-9.3.6-1.56.amzn1.x86_64
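
To confirm that the update under Issue Correction took effect, the following added example (not part of the advisory itself) flags any postgresql93 package below the fixed version-release 9.3.6-1.56.amzn1 listed above. The function names, the use of sort -V as a stand-in for RPM's version comparison, and the sample package lines are assumptions made for this example.

```sh
#!/bin/sh
# Added example: checks postgresql93 package strings against the fixed
# version-release taken from this advisory's "New Packages" list.
FIXED_VR="9.3.6-1.56.amzn1"

# Print the version-release part of a name-version-release.arch string.
vr_of() {
    printf '%s\n' "$1" |
        sed -E 's/\.(i686|x86_64|src|noarch)$//; s/^.*-([^-]+-[^-]+)$/\1/'
}

# Succeed when the package is at or above the fixed version-release.
# Assumption: "sort -V" ordering stands in for RPM's own comparison,
# which agrees for plain dotted versions like these.
is_fixed() {
    vr=$(vr_of "$1")
    lowest=$(printf '%s\n%s\n' "$vr" "$FIXED_VR" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VR" ]
}

# Read one package string per line; return 1 if any is below the fix.
audit() {
    rc=0
    while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        if is_fixed "$pkg"; then
            echo "OK       $pkg"
        else
            echo "OUTDATED $pkg"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input (not output from a real host). On a host:
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' 'postgresql93*' | audit
audit <<'EOF' || echo "Run: yum update postgresql93"
postgresql93-server-9.3.5-1.54.amzn1.x86_64
postgresql93-libs-9.3.6-1.56.amzn1.x86_64
EOF
```

A running server keeps the old binaries loaded until it is restarted, so a clean audit of installed packages should be followed by a PostgreSQL service restart.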