Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 455
Alerts This Week
Warning Icon 1 455

Debian: DSA-3269-2 Critical: PostgreSQL-9.1 Restart Regression Issue

debian
Calendar Grey May 31, 2015
Debian Logo
The recent Debian Security Notice DSA-3269-2 discusses an issue related to PostgreSQL-9.1 that affects the ability to properly reboot the system.
The update for postgresql-9.1 in DSA-3269-1 introduced a regression which can causes PostgreSQL to refuse to restart after an unexpected shutdown or when restoring from a binary ba...

Summary

https://wiki.postgresql.org/wiki/May_2015_Fsync_Permissions_Bug

For reference, the original advisory text follows.

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL
database system.

CVE-2015-3165 (Remote crash)

SSL clients disconnecting just before the authentication timeout
expires can cause the server to crash.

CVE-2015-3166 (Information exposure)

The replacement implementation of snprintf() failed to check for
errors reported by the underlying system library calls; the main
case that might be missed is out-of-memory situations. In the worst
case this might lead to information exposure

CVE-2015-3167 (Possible side-channel key exposure)

In contrib/pgcrypto, some cases of decryption with an incorrect key
could report other error message texts. Fix by using a
one-size-fits-all message.

For the oldstable distribution (wheezy), this problem has been fixed
in version 9.1.16-0+deb7u2.

We recommend that you upgrade your postgresql-9.1 packages.

Further inf...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.