PublicDateAtUSN: 2015-02-06
Candidate: CVE-2015-0244
PublicDate: 2020-01-27 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244
 https://ubuntu.com/security/notices/USN-2499-1
Description:
 PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x
 before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while
 reading a protocol message, which allows remote attackers to conduct SQL
 injection attacks via crafted binary data in a parameter and causing an
 error, which triggers the loss of synchronization and part of the protocol
 message to be treated as a new message, as demonstrated by causing a
 timeout or query cancellation.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/postgresql-9.4/+bug/1418928
Priority: medium
Discovered-by: Emil Lenngren
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_postgresql-9.4:
upstream_postgresql-9.4: released (9.4.1)
lucid_postgresql-9.4: DNE
precise_postgresql-9.4: DNE
precise/esm_postgresql-9.4: DNE
trusty_postgresql-9.4: DNE
trusty/esm_postgresql-9.4: DNE
utopic_postgresql-9.4: released (9.4.1-0ubuntu0.14.10)
vivid_postgresql-9.4: not-affected (9.4.1-1)
vivid/stable-phone-overlay_postgresql-9.4: DNE
vivid/ubuntu-core_postgresql-9.4: DNE
wily_postgresql-9.4: not-affected (9.4.1-1)
xenial_postgresql-9.4: DNE
yakkety_postgresql-9.4: DNE
zesty_postgresql-9.4: DNE
devel_postgresql-9.4: DNE

Patches_postgresql-9.3:
upstream_postgresql-9.3: released (9.3.6)
lucid_postgresql-9.3: DNE
precise_postgresql-9.3: DNE
precise/esm_postgresql-9.3: DNE
trusty_postgresql-9.3: released (9.3.6-0ubuntu0.14.04)
trusty/esm_postgresql-9.3: released (9.3.6-0ubuntu0.14.04)
utopic_postgresql-9.3: DNE
vivid_postgresql-9.3: DNE
vivid/stable-phone-overlay_postgresql-9.3: DNE
vivid/ubuntu-core_postgresql-9.3: DNE
wily_postgresql-9.3: DNE
xenial_postgresql-9.3: DNE
yakkety_postgresql-9.3: DNE
zesty_postgresql-9.3: DNE
devel_postgresql-9.3: DNE

Patches_postgresql-9.1:
upstream_postgresql-9.1: released (9.1.15)
lucid_postgresql-9.1: DNE
precise_postgresql-9.1: released (9.1.15-0ubuntu0.12.04)
precise/esm_postgresql-9.1: released (9.1.15-0ubuntu0.12.04)
trusty_postgresql-9.1: released (9.1.15-0ubuntu0.14.04)
trusty/esm_postgresql-9.1: DNE (trusty was released [9.1.15-0ubuntu0.14.04])
utopic_postgresql-9.1: DNE
vivid_postgresql-9.1: DNE
vivid/stable-phone-overlay_postgresql-9.1: DNE
vivid/ubuntu-core_postgresql-9.1: DNE
wily_postgresql-9.1: DNE
xenial_postgresql-9.1: DNE
yakkety_postgresql-9.1: DNE
zesty_postgresql-9.1: DNE
devel_postgresql-9.1: DNE

Patches_postgresql-8.4:
upstream_postgresql-8.4: ignored (reached end-of-life)
lucid_postgresql-8.4: released (8.4.22-0ubuntu0.10.04.1)
precise_postgresql-8.4: ignored (reached end-of-life)
precise/esm_postgresql-8.4: DNE (precise was needed)
trusty_postgresql-8.4: DNE
trusty/esm_postgresql-8.4: DNE
utopic_postgresql-8.4: DNE
vivid_postgresql-8.4: DNE
vivid/stable-phone-overlay_postgresql-8.4: DNE
vivid/ubuntu-core_postgresql-8.4: DNE
wily_postgresql-8.4: DNE
xenial_postgresql-8.4: DNE
yakkety_postgresql-8.4: DNE
zesty_postgresql-8.4: DNE
devel_postgresql-8.4: DNE