SUSE-SU-2015:1264-1

Published: June 24, 2015
Source: suse-cvrf

Description

Security update for postgresql93

PostgreSQL was updated to the security and bugfix release 9.3.8 including 9.3.7.

Security issues fixed:

  • CVE-2015-3165, bsc#931972: Avoid possible crash when client disconnects just before the authentication timeout expires.
  • CVE-2015-3166, bsc#931973: Consistently check for failure of the printf() family of functions.
  • CVE-2015-3167, bsc#931974: In contrib/pgcrypto, uniformly report decryption failures as 'Wrong key or corrupt data'.

Bugs fixed:

  • Protect against wraparound of multixact member IDs.
  • Avoid failures while fsync'ing data directory during crash restart.
  • Fix pg_get_functiondef() to show functions' LEAKPROOF property, if set.
  • Allow libpq to use TLS protocol versions beyond v1.

Package list

SUSE Linux Enterprise Desktop 12:

  • libecpg6-9.3.8-8.1
  • libpq5-9.3.8-8.1
  • libpq5-32bit-9.3.8-8.1
  • postgresql93-9.3.8-8.1

SUSE Linux Enterprise Server 12:

  • libecpg6-9.3.8-8.1
  • libpq5-9.3.8-8.1
  • libpq5-32bit-9.3.8-8.1
  • postgresql93-9.3.8-8.1
  • postgresql93-contrib-9.3.8-8.1
  • postgresql93-docs-9.3.8-8.1
  • postgresql93-server-9.3.8-8.1

SUSE Linux Enterprise Server for SAP Applications 12:

  • libecpg6-9.3.8-8.1
  • libpq5-9.3.8-8.1
  • libpq5-32bit-9.3.8-8.1
  • postgresql93-9.3.8-8.1
  • postgresql93-contrib-9.3.8-8.1
  • postgresql93-docs-9.3.8-8.1
  • postgresql93-server-9.3.8-8.1

SUSE Linux Enterprise Software Development Kit 12:

  • postgresql93-devel-9.3.8-8.1

Description

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.


Affected products
SUSE Linux Enterprise Desktop 12:libecpg6-9.3.8-8.1
SUSE Linux Enterprise Desktop 12:libpq5-32bit-9.3.8-8.1
SUSE Linux Enterprise Desktop 12:libpq5-9.3.8-8.1
SUSE Linux Enterprise Desktop 12:postgresql93-9.3.8-8.1


Description

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.


Affected products
SUSE Linux Enterprise Desktop 12:libecpg6-9.3.8-8.1
SUSE Linux Enterprise Desktop 12:libpq5-32bit-9.3.8-8.1
SUSE Linux Enterprise Desktop 12:libpq5-9.3.8-8.1
SUSE Linux Enterprise Desktop 12:postgresql93-9.3.8-8.1


Description

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.


Affected products
SUSE Linux Enterprise Desktop 12:libecpg6-9.3.8-8.1
SUSE Linux Enterprise Desktop 12:libpq5-32bit-9.3.8-8.1
SUSE Linux Enterprise Desktop 12:libpq5-9.3.8-8.1
SUSE Linux Enterprise Desktop 12:postgresql93-9.3.8-8.1
