* New upstream security/bug fix release: (LP: #1544576)
- Fix infinite loops and buffer-overrun problems in regular expressions.
Very large character ranges in bracket expressions could cause infinite
loops in some cases, and memory overwrites in other cases.
(CVE-2016-0773)
- Prevent certain PL/Java parameters from being set by non-superusers.
This change mitigates a PL/Java security bug (CVE-2016-0766), which was
fixed in PL/Java by marking these parameters as superuser-only. To fix
the security hazard for sites that update PostgreSQL more frequently
than PL/Java, make the core code aware of them also.
- See release notes for details about other fixes.
-- Martin Pitt <email address hidden> Thu, 11 Feb 2016 15:44:43 +0100
This bug was fixed in the package postgresql-9.3 - 9.3.11-0ubuntu0.14.04
---------------
postgresql-9.3 (9.3.11-0ubuntu0.14.04) trusty-security; urgency=medium
* New upstream security/bug fix release: (LP: #1544576)
- Fix infinite loops and buffer-overrun problems in regular expressions.
Very large character ranges in bracket expressions could cause infinite
loops in some cases, and memory overwrites in other cases.
(CVE-2016-0773)
- Prevent certain PL/Java parameters from being set by non-superusers.
This change mitigates a PL/Java security bug (CVE-2016-0766), which was
fixed in PL/Java by marking these parameters as superuser-only. To fix
the security hazard for sites that update PostgreSQL more frequently
than PL/Java, make the core code aware of them also.
- See release notes for details about other fixes.
-- Martin Pitt <email address hidden> Thu, 11 Feb 2016 15:44:43 +0100