Description
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
A double-free flaw was found in the way PostgreSQL handled connections. An unauthenticated attacker could possibly exploit this flaw to crash the PostgreSQL backend by disconnecting at approximately the same time as the authentication timeout was triggered.
Report
Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This flaw has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
CloudForms Management Engine 5 | postgresql | Affected | | |
CloudForms Management Engine 5 | postgresql92-postgresql | Affected | | |
Red Hat Enterprise Linux 5 | postgresql | Affected | | |
Red Hat Enterprise Linux 5 | postgresql84 | Affected | | |
Red Hat Satellite 5.7 | postgresql92 | Affected | | |
Red Hat Enterprise Linux 6 | postgresql | Fixed | RHSA-2015:1194 | 29.06.2015 |
Red Hat Enterprise Linux 7 | postgresql | Fixed | RHSA-2015:1194 | 29.06.2015 |
Red Hat Software Collections for Red Hat Enterprise Linux 6 | postgresql92-postgresql | Fixed | RHSA-2015:1195 | 29.06.2015 |
Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-postgresql94-postgresql | Fixed | RHSA-2015:1196 | 29.06.2015 |
Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS | postgresql92-postgresql | Fixed | RHSA-2015:1195 | 29.06.2015 |
Additional information
Status:
EPSS
CVSS2: 5 Medium
Related vulnerabilities
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9. ...
Vulnerability in the Debian GNU/Linux operating system that allows an attacker to cause a denial of service