Univention Bugzilla – Bug 38608
postgresql-9.1: Multiple issues (4.0)
Last modified: 2015-10-14 14:56:57 CEST
Fix available in upstream Debian package version 9.1.16-0+deb7u1: * Denial of service due to double-free after authentication timeout (CVE-2015-3165) * Information disclosure due to missing checks of return codes from the standard library (CVE-2015-3166) * Inconsistent error messages from contrib/pgcrypto (CVE-2015-3167)
Upstream Debian package version 9.1.16-0+deb7u2 fixes a regression: http://www.postgresql.org/about/news/1587/
Tests (i386): OK Advisory: 2015-09-17-postgresql-9.1.yaml
OK: DEBIAN_FRONTEND=noninteractive aptitude -y install '?source-package(postgresql-9.1)?not(?name(udeb))~i' OK: DEBIAN_FRONTEND=noninteractive aptitude -y install '?source-package(postgresql-9.1)?not(?name(udeb))' OK: zless /usr/share/doc/postgresql-client-9.1/changelog.Debian.gz ]9.1.15-0+deb7u1..9.1.16-0+deb7u2] OK: univention-pkgdb OK: 2015-09-17-postgresql-9.1.yaml OK: errata-announce -V 2015-09-17-postgresql-9.1.yaml OK: CVE-2015-3165 OK: CVE-2015-3166 OK: CVE-2015-3167
<http://errata.software-univention.de/ucs/4.0/340.html>