Your submission was sent successfully! Close

CVE-2015-5288

Published: 9 October 2015

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.

Priority

Low

Status

Package Release Status
postgresql-8.4
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was needs-triage)
trusty Does not exist

upstream Needs triage

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

postgresql-9.1
Launchpad, Ubuntu, Debian
precise
Released (9.1.19-0ubuntu0.12.04)
trusty Does not exist
(trusty was released [9.1.19-0ubuntu0.14.04 ])
upstream
Released (9.1.19)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

postgresql-9.3
Launchpad, Ubuntu, Debian
precise Does not exist

trusty
Released (9.3.10-0ubuntu0.14.04)
upstream
Released (9.3.10)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

postgresql-9.4
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (9.4.5-1)
vivid
Released (9.4.5-0ubuntu0.15.04)
wily Not vulnerable
(9.4.5-1)
xenial Does not exist

yakkety Does not exist

zesty Does not exist