Univention Bugzilla – Bug 38607
postgresql-8.4: Multiple issues (3.2)
Last modified: 2015-10-14 14:04:49 CEST
Fix available in upstream Debian package version 8.4.22lts2-0+deb6u1:
* Denial of service due to double-free after authentication timeout (CVE-2015-3165)
* Information disclosure due to missing checks of return codes from the standard library (CVE-2015-3166)
* Inconsistent error messages from contrib/pgcrypto (CVE-2015-3167)
Fixed in 8.4.22lts4-0+deb6u1:
* Fix rare failure to invalidate relation cache init file (Tom Lane)
  With just the wrong timing of concurrent activity, a VACUUM FULL on a system catalog might fail to update the init file that's used to avoid cache-loading work for new sessions. This would result in later sessions being unable to access that catalog at all. This is a very ancient bug, but it's so hard to trigger that no reproducible case had been seen until recently. (No CVE)
Tests (i386): OK
Advisory: 2015-09-17-postgresql-8.4.yaml
* OK - installation/update
* OK - tests
* OK - update to 4.0
* OK - YAML
<http://errata.software-univention.de/ucs/3.2/373.html>