Details of VAR-201505-0062

ID

VAR-201505-0062

CVE

CVE-2015-3165

TITLE

PostgreSQL Memory double free vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002844

DESCRIPTION

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. PostgreSQL Has a deficiency in freeing up memory twice, causing service disruption ( crash ) There are vulnerabilities that are put into a state. Supplementary information : CWE Vulnerability type by CWE-415: Double Free ( Double release ) Has been identified. PostgreSQL is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the application, denying service to legitimate users. The system supports most SQL standards and provides many other features, such as foreign keys, triggers, views, etc. The following versions are affected: PostgreSQL prior to 9.0.20, 9.1.x prior to 9.1.16, 9.2.x prior to 9.2.11, 9.3.x prior to 9.3.7, 9.4 prior to 9.4.2. x version. CVE-2015-3166 (Information exposure) The replacement implementation of snprintf() failed to check for errors reported by the underlying system library calls; the main case that might be missed is out-of-memory situations. In the worst case this might lead to information exposure. Fix by using a one-size-fits-all message. For the stable distribution (jessie), these problems have been fixed in version 9.4.2-0+deb8u1. For the testing distribution (stretch), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 9.4.2-1. We recommend that you upgrade your postgresql-9.4 packages. ============================================================================ Ubuntu Security Notice USN-2621-1 May 25, 2015 postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in PostgreSQL. (CVE-2015-3167) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: postgresql-9.4 9.4.2-0ubuntu0.15.04 Ubuntu 14.10: postgresql-9.4 9.4.2-0ubuntu0.14.10 Ubuntu 14.04 LTS: postgresql-9.3 9.3.7-0ubuntu0.14.04 Ubuntu 12.04 LTS: postgresql-9.1 9.1.16-0ubuntu0.12.04 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: postgresql security update Advisory ID: RHSA-2015:1194-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1194.html Issue date: 2015-06-29 CVE Names: CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 ===================================================================== 1. Summary: Updated postgresql packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: PostgreSQL is an advanced object-relational database management system (DBMS). A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. (CVE-2015-3165) It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file. (CVE-2015-3166) It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This can help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known. (CVE-2015-3167) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Benkocs Norbert Attila as the original reporter of CVE-2015-3165 and Noah Misch as the original reporter of CVE-2015-3166 and CVE-2015-3167. All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1221537 - CVE-2015-3165 postgresql: double-free after authentication timeout 1221539 - CVE-2015-3166 postgresql: unanticipated errors from the standard library 1221541 - CVE-2015-3167 postgresql: pgcrypto has multiple error messages for decryption with an incorrect key. 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: postgresql-8.4.20-3.el6_6.src.rpm i386: postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-libs-8.4.20-3.el6_6.i686.rpm x86_64: postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-debuginfo-8.4.20-3.el6_6.x86_64.rpm postgresql-libs-8.4.20-3.el6_6.i686.rpm postgresql-libs-8.4.20-3.el6_6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: postgresql-8.4.20-3.el6_6.i686.rpm postgresql-contrib-8.4.20-3.el6_6.i686.rpm postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-devel-8.4.20-3.el6_6.i686.rpm postgresql-docs-8.4.20-3.el6_6.i686.rpm postgresql-plperl-8.4.20-3.el6_6.i686.rpm postgresql-plpython-8.4.20-3.el6_6.i686.rpm postgresql-pltcl-8.4.20-3.el6_6.i686.rpm postgresql-server-8.4.20-3.el6_6.i686.rpm postgresql-test-8.4.20-3.el6_6.i686.rpm x86_64: postgresql-8.4.20-3.el6_6.i686.rpm postgresql-8.4.20-3.el6_6.x86_64.rpm postgresql-contrib-8.4.20-3.el6_6.x86_64.rpm postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-debuginfo-8.4.20-3.el6_6.x86_64.rpm postgresql-devel-8.4.20-3.el6_6.i686.rpm postgresql-devel-8.4.20-3.el6_6.x86_64.rpm postgresql-docs-8.4.20-3.el6_6.x86_64.rpm postgresql-plperl-8.4.20-3.el6_6.x86_64.rpm postgresql-plpython-8.4.20-3.el6_6.x86_64.rpm postgresql-pltcl-8.4.20-3.el6_6.x86_64.rpm postgresql-server-8.4.20-3.el6_6.x86_64.rpm postgresql-test-8.4.20-3.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: postgresql-8.4.20-3.el6_6.src.rpm x86_64: postgresql-8.4.20-3.el6_6.i686.rpm postgresql-8.4.20-3.el6_6.x86_64.rpm postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-debuginfo-8.4.20-3.el6_6.x86_64.rpm postgresql-libs-8.4.20-3.el6_6.i686.rpm postgresql-libs-8.4.20-3.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: postgresql-contrib-8.4.20-3.el6_6.x86_64.rpm postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-debuginfo-8.4.20-3.el6_6.x86_64.rpm postgresql-devel-8.4.20-3.el6_6.i686.rpm postgresql-devel-8.4.20-3.el6_6.x86_64.rpm postgresql-docs-8.4.20-3.el6_6.x86_64.rpm postgresql-plperl-8.4.20-3.el6_6.x86_64.rpm postgresql-plpython-8.4.20-3.el6_6.x86_64.rpm postgresql-pltcl-8.4.20-3.el6_6.x86_64.rpm postgresql-server-8.4.20-3.el6_6.x86_64.rpm postgresql-test-8.4.20-3.el6_6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: postgresql-8.4.20-3.el6_6.src.rpm i386: postgresql-8.4.20-3.el6_6.i686.rpm postgresql-contrib-8.4.20-3.el6_6.i686.rpm postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-devel-8.4.20-3.el6_6.i686.rpm postgresql-docs-8.4.20-3.el6_6.i686.rpm postgresql-libs-8.4.20-3.el6_6.i686.rpm postgresql-plperl-8.4.20-3.el6_6.i686.rpm postgresql-plpython-8.4.20-3.el6_6.i686.rpm postgresql-pltcl-8.4.20-3.el6_6.i686.rpm postgresql-server-8.4.20-3.el6_6.i686.rpm postgresql-test-8.4.20-3.el6_6.i686.rpm ppc64: postgresql-8.4.20-3.el6_6.ppc.rpm postgresql-8.4.20-3.el6_6.ppc64.rpm postgresql-contrib-8.4.20-3.el6_6.ppc64.rpm postgresql-debuginfo-8.4.20-3.el6_6.ppc.rpm postgresql-debuginfo-8.4.20-3.el6_6.ppc64.rpm postgresql-devel-8.4.20-3.el6_6.ppc.rpm postgresql-devel-8.4.20-3.el6_6.ppc64.rpm postgresql-docs-8.4.20-3.el6_6.ppc64.rpm postgresql-libs-8.4.20-3.el6_6.ppc.rpm postgresql-libs-8.4.20-3.el6_6.ppc64.rpm postgresql-plperl-8.4.20-3.el6_6.ppc64.rpm postgresql-plpython-8.4.20-3.el6_6.ppc64.rpm postgresql-pltcl-8.4.20-3.el6_6.ppc64.rpm postgresql-server-8.4.20-3.el6_6.ppc64.rpm postgresql-test-8.4.20-3.el6_6.ppc64.rpm s390x: postgresql-8.4.20-3.el6_6.s390.rpm postgresql-8.4.20-3.el6_6.s390x.rpm postgresql-contrib-8.4.20-3.el6_6.s390x.rpm postgresql-debuginfo-8.4.20-3.el6_6.s390.rpm postgresql-debuginfo-8.4.20-3.el6_6.s390x.rpm postgresql-devel-8.4.20-3.el6_6.s390.rpm postgresql-devel-8.4.20-3.el6_6.s390x.rpm postgresql-docs-8.4.20-3.el6_6.s390x.rpm postgresql-libs-8.4.20-3.el6_6.s390.rpm postgresql-libs-8.4.20-3.el6_6.s390x.rpm postgresql-plperl-8.4.20-3.el6_6.s390x.rpm postgresql-plpython-8.4.20-3.el6_6.s390x.rpm postgresql-pltcl-8.4.20-3.el6_6.s390x.rpm postgresql-server-8.4.20-3.el6_6.s390x.rpm postgresql-test-8.4.20-3.el6_6.s390x.rpm x86_64: postgresql-8.4.20-3.el6_6.i686.rpm postgresql-8.4.20-3.el6_6.x86_64.rpm postgresql-contrib-8.4.20-3.el6_6.x86_64.rpm postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-debuginfo-8.4.20-3.el6_6.x86_64.rpm postgresql-devel-8.4.20-3.el6_6.i686.rpm postgresql-devel-8.4.20-3.el6_6.x86_64.rpm postgresql-docs-8.4.20-3.el6_6.x86_64.rpm postgresql-libs-8.4.20-3.el6_6.i686.rpm postgresql-libs-8.4.20-3.el6_6.x86_64.rpm postgresql-plperl-8.4.20-3.el6_6.x86_64.rpm postgresql-plpython-8.4.20-3.el6_6.x86_64.rpm postgresql-pltcl-8.4.20-3.el6_6.x86_64.rpm postgresql-server-8.4.20-3.el6_6.x86_64.rpm postgresql-test-8.4.20-3.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: postgresql-8.4.20-3.el6_6.src.rpm i386: postgresql-8.4.20-3.el6_6.i686.rpm postgresql-contrib-8.4.20-3.el6_6.i686.rpm postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-devel-8.4.20-3.el6_6.i686.rpm postgresql-docs-8.4.20-3.el6_6.i686.rpm postgresql-libs-8.4.20-3.el6_6.i686.rpm postgresql-plperl-8.4.20-3.el6_6.i686.rpm postgresql-plpython-8.4.20-3.el6_6.i686.rpm postgresql-pltcl-8.4.20-3.el6_6.i686.rpm postgresql-server-8.4.20-3.el6_6.i686.rpm postgresql-test-8.4.20-3.el6_6.i686.rpm x86_64: postgresql-8.4.20-3.el6_6.i686.rpm postgresql-8.4.20-3.el6_6.x86_64.rpm postgresql-contrib-8.4.20-3.el6_6.x86_64.rpm postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-debuginfo-8.4.20-3.el6_6.x86_64.rpm postgresql-devel-8.4.20-3.el6_6.i686.rpm postgresql-devel-8.4.20-3.el6_6.x86_64.rpm postgresql-docs-8.4.20-3.el6_6.x86_64.rpm postgresql-libs-8.4.20-3.el6_6.i686.rpm postgresql-libs-8.4.20-3.el6_6.x86_64.rpm postgresql-plperl-8.4.20-3.el6_6.x86_64.rpm postgresql-plpython-8.4.20-3.el6_6.x86_64.rpm postgresql-pltcl-8.4.20-3.el6_6.x86_64.rpm postgresql-server-8.4.20-3.el6_6.x86_64.rpm postgresql-test-8.4.20-3.el6_6.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): Source: postgresql-9.2.13-1.el7_1.src.rpm x86_64: postgresql-9.2.13-1.el7_1.i686.rpm postgresql-9.2.13-1.el7_1.x86_64.rpm postgresql-contrib-9.2.13-1.el7_1.x86_64.rpm postgresql-debuginfo-9.2.13-1.el7_1.i686.rpm postgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm postgresql-devel-9.2.13-1.el7_1.i686.rpm postgresql-devel-9.2.13-1.el7_1.x86_64.rpm postgresql-docs-9.2.13-1.el7_1.x86_64.rpm postgresql-libs-9.2.13-1.el7_1.i686.rpm postgresql-libs-9.2.13-1.el7_1.x86_64.rpm postgresql-plperl-9.2.13-1.el7_1.x86_64.rpm postgresql-plpython-9.2.13-1.el7_1.x86_64.rpm postgresql-pltcl-9.2.13-1.el7_1.x86_64.rpm postgresql-server-9.2.13-1.el7_1.x86_64.rpm postgresql-test-9.2.13-1.el7_1.x86_64.rpm postgresql-upgrade-9.2.13-1.el7_1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: postgresql-9.2.13-1.el7_1.src.rpm x86_64: postgresql-9.2.13-1.el7_1.x86_64.rpm postgresql-debuginfo-9.2.13-1.el7_1.i686.rpm postgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm postgresql-libs-9.2.13-1.el7_1.i686.rpm postgresql-libs-9.2.13-1.el7_1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: postgresql-9.2.13-1.el7_1.i686.rpm postgresql-contrib-9.2.13-1.el7_1.x86_64.rpm postgresql-debuginfo-9.2.13-1.el7_1.i686.rpm postgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm postgresql-devel-9.2.13-1.el7_1.i686.rpm postgresql-devel-9.2.13-1.el7_1.x86_64.rpm postgresql-docs-9.2.13-1.el7_1.x86_64.rpm postgresql-plperl-9.2.13-1.el7_1.x86_64.rpm postgresql-plpython-9.2.13-1.el7_1.x86_64.rpm postgresql-pltcl-9.2.13-1.el7_1.x86_64.rpm postgresql-server-9.2.13-1.el7_1.x86_64.rpm postgresql-test-9.2.13-1.el7_1.x86_64.rpm postgresql-upgrade-9.2.13-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: postgresql-9.2.13-1.el7_1.src.rpm ppc64: postgresql-9.2.13-1.el7_1.ppc.rpm postgresql-9.2.13-1.el7_1.ppc64.rpm postgresql-contrib-9.2.13-1.el7_1.ppc64.rpm postgresql-debuginfo-9.2.13-1.el7_1.ppc.rpm postgresql-debuginfo-9.2.13-1.el7_1.ppc64.rpm postgresql-devel-9.2.13-1.el7_1.ppc.rpm postgresql-devel-9.2.13-1.el7_1.ppc64.rpm postgresql-docs-9.2.13-1.el7_1.ppc64.rpm postgresql-libs-9.2.13-1.el7_1.ppc.rpm postgresql-libs-9.2.13-1.el7_1.ppc64.rpm postgresql-plperl-9.2.13-1.el7_1.ppc64.rpm postgresql-plpython-9.2.13-1.el7_1.ppc64.rpm postgresql-pltcl-9.2.13-1.el7_1.ppc64.rpm postgresql-server-9.2.13-1.el7_1.ppc64.rpm postgresql-test-9.2.13-1.el7_1.ppc64.rpm s390x: postgresql-9.2.13-1.el7_1.s390.rpm postgresql-9.2.13-1.el7_1.s390x.rpm postgresql-contrib-9.2.13-1.el7_1.s390x.rpm postgresql-debuginfo-9.2.13-1.el7_1.s390.rpm postgresql-debuginfo-9.2.13-1.el7_1.s390x.rpm postgresql-devel-9.2.13-1.el7_1.s390.rpm postgresql-devel-9.2.13-1.el7_1.s390x.rpm postgresql-docs-9.2.13-1.el7_1.s390x.rpm postgresql-libs-9.2.13-1.el7_1.s390.rpm postgresql-libs-9.2.13-1.el7_1.s390x.rpm postgresql-plperl-9.2.13-1.el7_1.s390x.rpm postgresql-plpython-9.2.13-1.el7_1.s390x.rpm postgresql-pltcl-9.2.13-1.el7_1.s390x.rpm postgresql-server-9.2.13-1.el7_1.s390x.rpm postgresql-test-9.2.13-1.el7_1.s390x.rpm x86_64: postgresql-9.2.13-1.el7_1.i686.rpm postgresql-9.2.13-1.el7_1.x86_64.rpm postgresql-contrib-9.2.13-1.el7_1.x86_64.rpm postgresql-debuginfo-9.2.13-1.el7_1.i686.rpm postgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm postgresql-devel-9.2.13-1.el7_1.i686.rpm postgresql-devel-9.2.13-1.el7_1.x86_64.rpm postgresql-docs-9.2.13-1.el7_1.x86_64.rpm postgresql-libs-9.2.13-1.el7_1.i686.rpm postgresql-libs-9.2.13-1.el7_1.x86_64.rpm postgresql-plperl-9.2.13-1.el7_1.x86_64.rpm postgresql-plpython-9.2.13-1.el7_1.x86_64.rpm postgresql-pltcl-9.2.13-1.el7_1.x86_64.rpm postgresql-server-9.2.13-1.el7_1.x86_64.rpm postgresql-test-9.2.13-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: postgresql-9.2.13-1.ael7b_1.src.rpm ppc64le: postgresql-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-contrib-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-debuginfo-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-devel-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-docs-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-libs-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-plperl-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-plpython-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-pltcl-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-server-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-test-9.2.13-1.ael7b_1.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: postgresql-debuginfo-9.2.13-1.el7_1.ppc64.rpm postgresql-upgrade-9.2.13-1.el7_1.ppc64.rpm s390x: postgresql-debuginfo-9.2.13-1.el7_1.s390x.rpm postgresql-upgrade-9.2.13-1.el7_1.s390x.rpm x86_64: postgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm postgresql-upgrade-9.2.13-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64le: postgresql-debuginfo-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-upgrade-9.2.13-1.ael7b_1.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: postgresql-9.2.13-1.el7_1.src.rpm x86_64: postgresql-9.2.13-1.el7_1.i686.rpm postgresql-9.2.13-1.el7_1.x86_64.rpm postgresql-contrib-9.2.13-1.el7_1.x86_64.rpm postgresql-debuginfo-9.2.13-1.el7_1.i686.rpm postgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm postgresql-devel-9.2.13-1.el7_1.i686.rpm postgresql-devel-9.2.13-1.el7_1.x86_64.rpm postgresql-docs-9.2.13-1.el7_1.x86_64.rpm postgresql-libs-9.2.13-1.el7_1.i686.rpm postgresql-libs-9.2.13-1.el7_1.x86_64.rpm postgresql-plperl-9.2.13-1.el7_1.x86_64.rpm postgresql-plpython-9.2.13-1.el7_1.x86_64.rpm postgresql-pltcl-9.2.13-1.el7_1.x86_64.rpm postgresql-server-9.2.13-1.el7_1.x86_64.rpm postgresql-test-9.2.13-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: postgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm postgresql-upgrade-9.2.13-1.el7_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3165 https://access.redhat.com/security/cve/CVE-2015-3166 https://access.redhat.com/security/cve/CVE-2015-3167 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVkXYEXlSAg2UNWIIRAqPyAJ4+oNPb8x+Rv86xVfq+hr0l7wvbBgCgrstj JLgqt0VKrW96edx3scvrmV0= =I50/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-09-16-4 OS X Server 5.0.3 OS X Server 5.0.3 is now available and addresses the following: apache Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities in Apache, the most serious of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.16. These issues were addressed by updating Apache to version 2.4.16. CVE-ID CVE-2013-5704 CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185 BIND Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities in BIND, the most severe of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in BIND versions prior to 9.9.7. These issues were addressed by updating BIND to version 9.9.7. These issues were addressed by updating PostgreSQL to version 9.3.9. CVE-ID CVE-2014-0067 CVE-2014-8161 CVE-2015-0241 CVE-2015-0242 CVE-2015-0243 CVE-2015-0244 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 Wiki Server Available for: OS X Yosemite v10.10.4 or later Impact: Multiple XML security issues in Wiki Server Description: Multiple XML vulnerabilities existed in Wiki Server based on Twisted. This issue was addressed by removing Twisted. CVE-ID CVE-2015-5911 : Zachary Jones of WhiteHat Security Threat Research Center OS X Server 5.0.3 may be obtained from the Mac App Store. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201507-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PostgreSQL: Multiple vulnerabilities Date: July 18, 2015 Bugs: #539018, #550172 ID: 201507-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in execution of arbitrary code or privilege escalation. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-db/postgresql < 9.4.3 *>= 9.0.21 *>= 9.1.17 *>= 9.2.12 *>= 9.3.8 >= 9.4.3 Description =========== Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or escalate privileges. Workaround ========== There is no known workaround at this time. Resolution ========== All PostgreSQL 9.0.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.0.21" All PostgreSQL 9.1.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.1.17" All PostgreSQL 9.2.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.2.12" All PostgreSQL 9.3.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.3.8" All PostgreSQL 9.4.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.4.3" References ========== [ 1 ] CVE-2014-8161 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8161 [ 2 ] CVE-2015-0241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0241 [ 3 ] CVE-2015-0242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0242 [ 4 ] CVE-2015-0243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0243 [ 5 ] CVE-2015-0244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0244 [ 6 ] CVE-2015-3165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3165 [ 7 ] CVE-2015-3166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3166 [ 8 ] CVE-2015-3167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3167 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201507-20 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.61

sources: NVD: CVE-2015-3165 // JVNDB: JVNDB-2015-002844 // BID: 74787 // VULHUB: VHN-81126 // PACKETSTORM: 132502 // PACKETSTORM: 132018 // PACKETSTORM: 132501 // PACKETSTORM: 132047 // PACKETSTORM: 132499 // PACKETSTORM: 133619 // PACKETSTORM: 132741

AFFECTED PRODUCTS

vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.3.1	Trust: 1.6
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.3.4	Trust: 1.6
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.4.0	Trust: 1.6
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.3	Trust: 1.6
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.3.2	Trust: 1.6
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.3.3	Trust: 1.6
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.4.1	Trust: 1.6
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.3.5	Trust: 1.6
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.2.8	Trust: 1.6
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.3.6	Trust: 1.6
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.1.6	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.2.10	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.1.14	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.1.13	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.2.6	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.1.1	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.1.3	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.1.5	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.1.10	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	5.0.2	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.1.8	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.1.2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.1.9	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.1.11	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.2.3	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.2	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.2.2	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	lte	version:	9.0.19	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.10	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.2.9	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	15.04	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.2.7	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.2.4	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.1.12	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.1	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.1.4	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.1.15	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.2.5	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.2.1	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.1.7	Trust: 1.0
vendor:	postgresql	model:	postgresql	scope:	lt	version:	9.4.x	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	eq	version:	7.0	Trust: 0.8
vendor:	canonical	model:	ubuntu	scope:	eq	version:	15.04	Trust: 0.8
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.3.7	Trust: 0.8
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.2.11	Trust: 0.8
vendor:	postgresql	model:	postgresql	scope:	lt	version:	9.3.x	Trust: 0.8
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.1.16	Trust: 0.8
vendor:	canonical	model:	ubuntu	scope:	eq	version:	12.04 lts	Trust: 0.8
vendor:	postgresql	model:	postgresql	scope:	eq	version:	9.4.2	Trust: 0.8
vendor:	canonical	model:	ubuntu	scope:	eq	version:	14.04 lts	Trust: 0.8
vendor:	apple	model:	macos server	scope:	eq	version:	5.0.3	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	eq	version:	8.0	Trust: 0.8
vendor:	postgresql	model:	postgresql	scope:	lt	version:	9.2.x	Trust: 0.8
vendor:	postgresql	model:	postgresql	scope:	lt	version:	9.1.x	Trust: 0.8
vendor:	apple	model:	macos server	scope:	lt	version:	(os x yosemite v10.10.5 or later )	Trust: 0.8
vendor:	canonical	model:	ubuntu	scope:	eq	version:	14.10	Trust: 0.8
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	red	model:	hat enterprise linux workstation	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux server	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux hpc node	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop	scope:	eq	version:	6	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	6	Trust: 0.3

sources: BID: 74787 // JVNDB: JVNDB-2015-002844 // CNNVD: CNNVD-201505-491 // NVD: CVE-2015-3165

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3165
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-3165
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201505-491
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-81126
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-3165
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-81126
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-81126 // JVNDB: JVNDB-2015-002844 // CNNVD: CNNVD-201505-491 // NVD: CVE-2015-3165

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2015-002844 // NVD: CVE-2015-3165

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 132047 // CNNVD: CNNVD-201505-491

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 74787

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002844

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-81126

PATCH

title:	APPLE-SA-2015-09-16-4 OS X Server 5.0.3	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html	Trust: 0.8
title:	HT205219	url:	https://support.apple.com/en-us/HT205219	Trust: 0.8
title:	HT205219	url:	http://support.apple.com/ja-jp/HT205219	Trust: 0.8
title:	DSA-3269	url:	https://www.debian.org/security/2015/dsa-3269	Trust: 0.8
title:	DSA-3270	url:	https://www.debian.org/security/2015/dsa-3270	Trust: 0.8
title:	PostgreSQL 9.4.2, 9.3.7, 9.2.11, 9.1.16, and 9.0.20 released!	url:	http://www.postgresql.org/about/news/1587/	Trust: 0.8
title:	Release 9.3.7	url:	http://www.postgresql.org/docs/9.3/static/release-9-3-7.html	Trust: 0.8
title:	Release 9.0.20	url:	http://www.postgresql.org/docs/9.0/static/release-9-0-20.html	Trust: 0.8
title:	Release 9.1.16	url:	http://www.postgresql.org/docs/9.1/static/release-9-1-16.html	Trust: 0.8
title:	Release 9.4.2	url:	http://www.postgresql.org/docs/9.4/static/release-9-4-2.html	Trust: 0.8
title:	Release 9.2.11	url:	http://www.postgresql.org/docs/9.2/static/release-9-2-11.html	Trust: 0.8
title:	USN-2621-1	url:	http://www.ubuntu.com/usn/USN-2621-1/	Trust: 0.8
title:	postgresql-9.0.20-1-windows	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55905	Trust: 0.6
title:	postgresql-9.1.16-1-linux	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55909	Trust: 0.6
title:	postgresql-9.2.11-1-osx	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55913	Trust: 0.6
title:	postgresql-9.4.2-1-windows	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55917	Trust: 0.6
title:	postgresql-9.1.16-1-windows	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55908	Trust: 0.6
title:	postgresql-9.2.11-1-linux	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55912	Trust: 0.6
title:	postgresql-9.3.7-1-osx	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55916	Trust: 0.6
title:	postgresql-9.0.20-1-osx	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55907	Trust: 0.6
title:	postgresql-9.2.11-1-windows	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55911	Trust: 0.6
title:	postgresql-9.3.7-1-linux	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55915	Trust: 0.6
title:	postgresql-9.4.2-1-osx	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55919	Trust: 0.6
title:	postgresql-9.0.20-1-linux	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55906	Trust: 0.6
title:	postgresql-9.1.16-1-osx	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55910	Trust: 0.6
title:	postgresql-9.3.7-1-windows	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55914	Trust: 0.6
title:	postgresql-9.4.2-1-linux	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55918	Trust: 0.6

sources: JVNDB: JVNDB-2015-002844 // CNNVD: CNNVD-201505-491

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3165	Trust: 3.5
db:	BID	id:	74787	Trust: 2.0
db:	JVN	id:	JVNVU99970459	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-002844	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-491	Trust: 0.7
db:	SECUNIA	id:	64714	Trust: 0.6
db:	SECUNIA	id:	64566	Trust: 0.6
db:	SECUNIA	id:	64733	Trust: 0.6
db:	PACKETSTORM	id:	132499	Trust: 0.2
db:	PACKETSTORM	id:	132501	Trust: 0.2
db:	PACKETSTORM	id:	132018	Trust: 0.2
db:	PACKETSTORM	id:	132502	Trust: 0.2
db:	PACKETSTORM	id:	132047	Trust: 0.2
db:	VULHUB	id:	VHN-81126	Trust: 0.1
db:	PACKETSTORM	id:	133619	Trust: 0.1
db:	PACKETSTORM	id:	132741	Trust: 0.1

sources: VULHUB: VHN-81126 // BID: 74787 // JVNDB: JVNDB-2015-002844 // PACKETSTORM: 132502 // PACKETSTORM: 132018 // PACKETSTORM: 132501 // PACKETSTORM: 132047 // PACKETSTORM: 132499 // PACKETSTORM: 133619 // PACKETSTORM: 132741 // CNNVD: CNNVD-201505-491 // NVD: CVE-2015-3165

REFERENCES

url:	http://www.postgresql.org/about/news/1587/	Trust: 2.0
url:	http://www.ubuntu.com/usn/usn-2621-1	Trust: 1.8
url:	http://www.securityfocus.com/bid/74787	Trust: 1.7
url:	http://www.postgresql.org/docs/9.0/static/release-9-0-20.html	Trust: 1.7
url:	http://www.postgresql.org/docs/9.1/static/release-9-1-16.html	Trust: 1.7
url:	http://www.postgresql.org/docs/9.2/static/release-9-2-11.html	Trust: 1.7
url:	http://www.postgresql.org/docs/9.3/static/release-9-3-7.html	Trust: 1.7
url:	http://www.postgresql.org/docs/9.4/static/release-9-4-2.html	Trust: 1.7
url:	http://www.debian.org/security/2015/dsa-3269	Trust: 1.7
url:	http://www.debian.org/security/2015/dsa-3270	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2015-1194.html	Trust: 1.5
url:	http://rhn.redhat.com/errata/rhsa-2015-1195.html	Trust: 1.5
url:	http://rhn.redhat.com/errata/rhsa-2015-1196.html	Trust: 1.5
url:	https://security.gentoo.org/glsa/201507-20	Trust: 1.2
url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00004.html	Trust: 1.1
url:	https://support.apple.com/ht205219	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3165	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99970459/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3165	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3165	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3166	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3167	Trust: 0.7
url:	http://secunia.com/advisories/64566	Trust: 0.6
url:	http://secunia.com/advisories/64714	Trust: 0.6
url:	http://secunia.com/advisories/64733	Trust: 0.6
url:	http://www.postgresql.org/	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=cve-2015-3165	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21960649	Trust: 0.3
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2015-3167	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2015-3165	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2015-3166	Trust: 0.3
url:	https://bugzilla.redhat.com/):	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.3
url:	https://access.redhat.com/security/team/contact/	Trust: 0.3
url:	http://www.debian.org/security/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8161	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0242	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0241	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0243	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0244	Trust: 0.2
url:	http://www.debian.org/security/faq	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/postgresql-9.4/9.4.2-0ubuntu0.14.10	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.16-0ubuntu0.12.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/postgresql-9.3/9.3.7-0ubuntu0.14.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/postgresql-9.4/9.4.2-0ubuntu0.15.04	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8109	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3185	Trust: 0.1
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3583	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8500	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0253	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3183	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1349	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3581	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0228	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5911	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	http://gpgtools.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0067	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5704	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8161	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3166	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0243	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0241	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3165	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3167	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0242	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0244	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1

CREDITS

Benkocs Norbert Attila

Trust: 0.9

sources: BID: 74787 // CNNVD: CNNVD-201505-491

SOURCES

db:	VULHUB	id:	VHN-81126
db:	BID	id:	74787
db:	JVNDB	id:	JVNDB-2015-002844
db:	PACKETSTORM	id:	132502
db:	PACKETSTORM	id:	132018
db:	PACKETSTORM	id:	132501
db:	PACKETSTORM	id:	132047
db:	PACKETSTORM	id:	132499
db:	PACKETSTORM	id:	133619
db:	PACKETSTORM	id:	132741
db:	CNNVD	id:	CNNVD-201505-491
db:	NVD	id:	CVE-2015-3165

LAST UPDATE DATE

2024-09-01T21:51:34.784000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-81126	date:	2018-01-05T00:00:00
db:	BID	id:	74787	date:	2015-11-03T19:43:00
db:	JVNDB	id:	JVNDB-2015-002844	date:	2015-10-05T00:00:00
db:	CNNVD	id:	CNNVD-201505-491	date:	2015-05-29T00:00:00
db:	NVD	id:	CVE-2015-3165	date:	2018-01-05T02:30:05.167

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-81126	date:	2015-05-28T00:00:00
db:	BID	id:	74787	date:	2015-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2015-002844	date:	2015-06-01T00:00:00
db:	PACKETSTORM	id:	132502	date:	2015-06-30T00:15:36
db:	PACKETSTORM	id:	132018	date:	2015-05-22T22:22:00
db:	PACKETSTORM	id:	132501	date:	2015-06-30T00:15:27
db:	PACKETSTORM	id:	132047	date:	2015-05-26T07:26:18
db:	PACKETSTORM	id:	132499	date:	2015-06-30T00:15:10
db:	PACKETSTORM	id:	133619	date:	2015-09-19T15:37:27
db:	PACKETSTORM	id:	132741	date:	2015-07-20T15:45:21
db:	CNNVD	id:	CNNVD-201505-491	date:	2015-05-25T00:00:00
db:	NVD	id:	CVE-2015-3165	date:	2015-05-28T14:59:06.283