• [SECURITY] [DSA 3269-2] postgresql-9.1 regression update

    From Salvatore Bonaccorso@1:229/2 to All on Sun May 31 07:00:01 2015
    From: [email protected]

    -------------------------------------------------------------------------
    Debian Security Advisory DSA-3269-2                   [email protected]
    http://www.debian.org/security/                      Salvatore Bonaccorso
    May 31, 2015                           http://www.debian.org/security/faq
    -------------------------------------------------------------------------

    Package : postgresql-9.1
    Debian Bug : 786874

    The update for postgresql-9.1 in DSA-3269-1 introduced a regression
    which can cause PostgreSQL to refuse to restart after an unexpected
    shutdown or when restoring from a binary backup. Updated packages are
    now available to address this regression. Please refer to the upstream
    Bug FAQ for additional information:

    https://wiki.postgresql.org/wiki/May_2015_Fsync_Permissions_Bug

    For reference, the original advisory text follows.

    Several vulnerabilities have been found in PostgreSQL-9.1, a SQL
    database system.

    CVE-2015-3165 (Remote crash)

    SSL clients disconnecting just before the authentication timeout
    expires can cause the server to crash.

    CVE-2015-3166 (Information exposure)

    The replacement implementation of snprintf() failed to check for
    errors reported by the underlying system library calls; the main
    case that might be missed is out-of-memory situations. In the worst
    case this might lead to information exposure.

    CVE-2015-3167 (Possible side-channel key exposure)

    In contrib/pgcrypto, some cases of decryption with an incorrect key
    could report other error message texts. Fix by using a
    one-size-fits-all message.

    For the oldstable distribution (wheezy), this problem has been fixed
    in version 9.1.16-0+deb7u2.

    We recommend that you upgrade your postgresql-9.1 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
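The CVE-2015-3167 entry above describes decryption failures that report different message texts and a fix that uses one message for all of them. The following is an added example, not code from pgcrypto, PostgreSQL or the advisory: the toy cipher, the packet layout, all function names and the error wording are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed toy format, NOT pgcrypto's: "PG" | len (2 bytes) | msg | SHA-1(msg),
# XORed with a SHA-256 counter keystream. Illustration only, not a secure cipher.
GENERIC_ERROR = "decryption failed"  # assumed wording for the single message

class DecryptError(Exception):
    pass

def _xor(key: bytes, data: bytes) -> bytes:
    stream = b"".join(hashlib.sha256(key + struct.pack(">I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(key: bytes, msg: bytes) -> bytes:
    body = b"PG" + struct.pack(">H", len(msg)) + msg + hashlib.sha1(msg).digest()
    return _xor(key, body)

def _parse(key: bytes, blob: bytes) -> bytes:
    # Each stage rejects the input for a different reason.
    body = _xor(key, blob)
    if len(body) < 24 or body[:2] != b"PG":
        raise ValueError("bad magic")
    (n,) = struct.unpack(">H", body[2:4])
    if 4 + n + 20 != len(body):
        raise ValueError("bad length")
    msg, digest = body[4:4 + n], body[4 + n:]
    if not hmac.compare_digest(hashlib.sha1(msg).digest(), digest):
        raise ValueError("checksum mismatch")
    return msg

def decrypt_leaky(key: bytes, blob: bytes) -> bytes:
    """Before: the caller learns which parsing stage rejected the input."""
    try:
        return _parse(key, blob)
    except ValueError as exc:
        raise DecryptError(str(exc)) from None

def decrypt_uniform(key: bytes, blob: bytes) -> bytes:
    """After: every failure maps to the same text, whatever stage raised it."""
    try:
        return _parse(key, blob)
    except ValueError:
        raise DecryptError(GENERIC_ERROR) from None
```

A single message text removes only the difference in error strings; it says nothing about differences in timing between the failure paths.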