USN-2621-1: PostgreSQL vulnerabilities
25 May 2015
Several security issues were fixed in PostgreSQL.
- postgresql-9.1 - Object-relational SQL database
- postgresql-9.3 - Object-relational SQL database
- postgresql-9.4 - Object-relational SQL database
Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled
authentication timeouts. A remote attacker could use this flaw to cause the
unauthenticated session to crash, possibly leading to a security issue.
Noah Misch discovered that PostgreSQL incorrectly handled certain standard
library function return values, possibly leading to security issues.
Noah Misch discovered that the pgcrypto function could return different
error messages when decrypting using an incorrect key, possibly leading to
a security issue. (CVE-2015-3167)
The problem can be corrected by updating your system to the following package versions:
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary