FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  362844
Date:      2014-07-24
Time:      20:12:51Z
Committer: ohauer

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
42d42090-9a4d-11e3-b029-08002798f6ffPostgreSQL -- multiple privilege issues

PostgreSQL Project reports:

This update fixes CVE-2014-0060, in which PostgreSQL did not properly enforce the WITH ADMIN OPTION permission for ROLE management. Before this fix, any member of a ROLE was able to grant others access to the same ROLE regardless if the member was given the WITH ADMIN OPTION permission. It also fixes multiple privilege escalation issues, including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, and CVE-2014-0066. More information on these issues can be found on our security page and the security issue detail wiki page.

With this release, we are also alerting users to a known security hole that allows other users on the same machine to gain access to an operating system account while it is doing "make check": CVE-2014-0067. "Make check" is normally part of building PostgreSQL from source code. As it is not possible to fix this issue without causing significant issues to our testing infrastructure, a patch will be released separately and publicly. Until then, users are strongly advised not to run "make check" on machines where untrusted users have accounts.


Discovery 2014-02-20
Entry 2014-02-20
postgresql-server
lt 8.4.20

ge 9.0.0 lt 9.0.16

ge 9.1.0 lt 9.1.12

ge 9.2.0 lt 9.2.7

ge 9.3.0 lt 9.3.3

CVE-2014-0060
CVE-2014-0061
CVE-2014-0062
CVE-2014-0063
CVE-2014-0064
CVE-2014-0065
CVE-2014-0066
CVE-2014-0067