Security: Multiple issues in PostgreSQL
Name: Multiple issues in PostgreSQL
ID: DSA-3269-1
Distribution: Debian
Platforms: Debian wheezy, Debian jessie
Date: Fri, 22 May 2015, 19:52
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3167
Applications: PostgreSQL

Original message
Debian Security Advisory DSA-3269-1 security@debian.org
http://www.debian.org/security/ Christoph Berg
May 22, 2015 http://www.debian.org/security/faq

Package : postgresql-9.1
CVE ID : CVE-2015-3165 CVE-2015-3166 CVE-2015-3167
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system.
CVE-2015-3165 (Remote crash)
SSL clients disconnecting just before the authentication timeout expires can cause the server to crash.
CVE-2015-3166 (Information exposure)
The replacement implementation of snprintf() failed to check for errors reported by the underlying system library calls; the main case that might be missed is out-of-memory situations. In the worst case this might lead to information exposure.
CVE-2015-3167 (Possible side-channel key exposure)
In contrib/pgcrypto, some cases of decryption with an incorrect key could report other error message texts. The fix is to use a one-size-fits-all message.
For the oldstable distribution (wheezy), these problems have been fixed in version 9.1.16-0+deb7u1.
For the stable distribution (jessie), these problems have been fixed in version 9.1.16-0+deb8u1. (Jessie contains a reduced postgresql-9.1 package; only CVE-2015-3166 is fixed in the produced binary package postgresql-plperl-9.1. We recommend upgrading to postgresql-9.4 to get the full set of fixes. See the Jessie release notes for details.)
The testing distribution (stretch) and the unstable distribution (sid) do not contain the postgresql-9.1 package.
We recommend that you upgrade your postgresql-9.1 packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org