SUSE-SU-2015:1091-1

Published: 11 Jun 2015
Source: suse-cvrf

Description

Security update for postgresql91

This update provides PostgreSQL 9.1.18, which brings fixes for security issues and other enhancements.

The following vulnerabilities have been fixed:

* CVE-2015-3165: Avoid possible crash when client disconnects. (bsc#931972)
* CVE-2015-3166: Consistently check for failure of the *printf(). (bsc#931973)
* CVE-2015-3167: In contrib/pgcrypto, uniformly report decryption failures. (bsc#931974)

For a comprehensive list of changes, please refer to http://www.postgresql.org/docs/9.1/static/release-9-1-18.html .

This update also includes changes in PostgreSQL's packaging to prepare for the migration to the new major version 9.4. (FATE#316970, bsc#907651)

Security Issues:

* CVE-2015-3165 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3165>
* CVE-2015-3166 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3166>
* CVE-2015-3167 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3167>

Package list

SUSE Linux Enterprise Desktop 11 SP3
postgresql91-9.1.18-0.3.1
postgresql91-docs-9.1.18-0.3.1
SUSE Linux Enterprise Server 11 SP3
postgresql91-9.1.18-0.3.1
postgresql91-contrib-9.1.18-0.3.1
postgresql91-docs-9.1.18-0.3.1
postgresql91-server-9.1.18-0.3.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
postgresql91-9.1.18-0.3.1
postgresql91-contrib-9.1.18-0.3.1
postgresql91-docs-9.1.18-0.3.1
postgresql91-server-9.1.18-0.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
postgresql91-9.1.18-0.3.1
postgresql91-contrib-9.1.18-0.3.1
postgresql91-docs-9.1.18-0.3.1
postgresql91-server-9.1.18-0.3.1
SUSE Linux Enterprise Software Development Kit 11 SP3
postgresql91-devel-9.1.18-0.3.1
SUSE Manager 2.1
postgresql91-pltcl-9.1.18-0.3.1

Description

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:postgresql91-9.1.18-0.3.1
SUSE Linux Enterprise Desktop 11 SP3:postgresql91-docs-9.1.18-0.3.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:postgresql91-9.1.18-0.3.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:postgresql91-contrib-9.1.18-0.3.1

Description

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:postgresql91-9.1.18-0.3.1
SUSE Linux Enterprise Desktop 11 SP3:postgresql91-docs-9.1.18-0.3.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:postgresql91-9.1.18-0.3.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:postgresql91-contrib-9.1.18-0.3.1

Description

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:postgresql91-9.1.18-0.3.1
SUSE Linux Enterprise Desktop 11 SP3:postgresql91-docs-9.1.18-0.3.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:postgresql91-9.1.18-0.3.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:postgresql91-contrib-9.1.18-0.3.1
