PostgreSQL 8.4.x < 8.4.20 / 9.0.x < 9.0.16 / 9.1.x < 9.1.12 / 9.2.x < 9.2.7 / 9.3.x < 9.3.3 Multiple Vulnerabilities



The database running on the remote server is affected by multiple vulnerabilities.


The version of PostgreSQL installed on the remote host is 8.4.x prior to 8.4.20, 9.0.x prior to 9.0.16, 9.1.x prior to 9.1.12, 9.2.x prior to 9.2.7 or 9.3.x prior to 9.3.3 and is potentially affected by multiple vulnerabilities :

- SET ROLE bypasses lack of ADMIN OPTION when granting roles. (CVE-2014-0060)

- It is possible to elevate privileges via calls to validator functions. (CVE-2014-0061)

- It is possible to elevate privileges via a race condition in CREATE INDEX. (CVE-2014-0062)

- Potential buffer overruns exist due to integer overflow in size calculations. (CVE-2014-0063)

- Potential buffer overruns exist in datetime input/output. (CVE-2014-0064)

- Multiple fixed-size buffers exist that could potentially be overflowed. (CVE-2014-0065)

- A potential NULL pointer dereference crash is possible when crypt(3) returns NULL. (CVE-2014-0066)

- Multiple integer overflow vulnerabilities exist in 'hstore_io.c'. (CVE-2014-2669)


Upgrade to PostgreSQL 8.4.20 / 9.0.16 / 9.1.12 / 9.2.7 / 9.3.3, or later.