ID

VAR-201505-0062


CVE

CVE-2015-3165


TITLE

PostgreSQL Memory double free vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002844

DESCRIPTION

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.

PostgreSQL contains a flaw in which memory is freed twice, which can result in a denial of service (crash). Supplementary information: the vulnerability type has been identified as CWE-415: Double Free.

PostgreSQL is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the application, denying service to legitimate users. The system supports most SQL standards and provides many other features, such as foreign keys, triggers, views, etc. The following versions are affected: PostgreSQL prior to 9.0.20, 9.1.x prior to 9.1.16, 9.2.x prior to 9.2.11, 9.3.x prior to 9.3.7, and 9.4.x prior to 9.4.2.

CVE-2015-3166 (Information exposure): The replacement implementation of snprintf() failed to check for errors reported by the underlying system library calls; the main case that might be missed is out-of-memory situations. In the worst case this might lead to information exposure. Fix by using a one-size-fits-all message.

For the stable distribution (jessie), these problems have been fixed in version 9.4.2-0+deb8u1. For the testing distribution (stretch), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 9.4.2-1. We recommend that you upgrade your postgresql-9.4 packages.
============================================================================
Ubuntu Security Notice USN-2621-1
May 25, 2015

postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in PostgreSQL. (CVE-2015-3167)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04:
  postgresql-9.4 9.4.2-0ubuntu0.15.04

Ubuntu 14.10:
  postgresql-9.4 9.4.2-0ubuntu0.14.10

Ubuntu 14.04 LTS:
  postgresql-9.3 9.3.7-0ubuntu0.14.04

Ubuntu 12.04 LTS:
  postgresql-9.1 9.1.16-0ubuntu0.12.04

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: postgresql security update
Advisory ID: RHSA-2015:1194-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1194.html
Issue date: 2015-06-29
CVE Names: CVE-2015-3165 CVE-2015-3166 CVE-2015-3167
=====================================================================

1. Summary:

Updated postgresql packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. (CVE-2015-3165)

It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file. (CVE-2015-3166)

It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This can help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known. (CVE-2015-3167)

Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Benkocs Norbert Attila as the original reporter of CVE-2015-3165 and Noah Misch as the original reporter of CVE-2015-3166 and CVE-2015-3167.

All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1221537 - CVE-2015-3165 postgresql: double-free after authentication timeout
1221539 - CVE-2015-3166 postgresql: unanticipated errors from the standard library
1221541 - CVE-2015-3167 postgresql: pgcrypto has multiple error messages for decryption with an incorrect key.

6. Package List:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3165
https://access.redhat.com/security/cve/CVE-2015-3166
https://access.redhat.com/security/cve/CVE-2015-3167
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

APPLE-SA-2015-09-16-4 OS X Server 5.0.3

OS X Server 5.0.3 is now available and addresses the following:

apache
Available for: OS X Yosemite v10.10.4 or later
Impact: Multiple vulnerabilities in Apache, the most serious of which may allow a remote attacker to cause a denial of service
Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.16. These issues were addressed by updating Apache to version 2.4.16.
CVE-ID
CVE-2013-5704
CVE-2014-3581
CVE-2014-3583
CVE-2014-8109
CVE-2015-0228
CVE-2015-0253
CVE-2015-3183
CVE-2015-3185

BIND
Available for: OS X Yosemite v10.10.4 or later
Impact: Multiple vulnerabilities in BIND, the most severe of which may allow a remote attacker to cause a denial of service
Description: Multiple vulnerabilities existed in BIND versions prior to 9.9.7. These issues were addressed by updating BIND to version 9.9.7. These issues were addressed by updating PostgreSQL to version 9.3.9.
CVE-ID
CVE-2014-0067
CVE-2014-8161
CVE-2015-0241
CVE-2015-0242
CVE-2015-0243
CVE-2015-0244
CVE-2015-3165
CVE-2015-3166
CVE-2015-3167

Wiki Server
Available for: OS X Yosemite v10.10.4 or later
Impact: Multiple XML security issues in Wiki Server
Description: Multiple XML vulnerabilities existed in Wiki Server based on Twisted. This issue was addressed by removing Twisted.
CVE-ID
CVE-2015-5911 : Zachary Jones of WhiteHat Security Threat Research Center

OS X Server 5.0.3 may be obtained from the Mac App Store.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201507-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: PostgreSQL: Multiple vulnerabilities
Date: July 18, 2015
Bugs: #539018, #550172
ID: 201507-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in execution of arbitrary code or privilege escalation.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-db/postgresql            < 9.4.3                   *>= 9.0.21
                                                            *>= 9.1.17
                                                            *>= 9.2.12
                                                             *>= 9.3.8
                                                              >= 9.4.3

Description
===========

Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or escalate privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PostgreSQL 9.0.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.0.21"

All PostgreSQL 9.1.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.1.17"

All PostgreSQL 9.2.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.2.12"

All PostgreSQL 9.3.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.3.8"

All PostgreSQL 9.4.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.4.3"

References
==========

[ 1 ] CVE-2014-8161
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8161
[ 2 ] CVE-2015-0241
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0241
[ 3 ] CVE-2015-0242
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0242
[ 4 ] CVE-2015-0243
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0243
[ 5 ] CVE-2015-0244
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0244
[ 6 ] CVE-2015-3165
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3165
[ 7 ] CVE-2015-3166
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3166
[ 8 ] CVE-2015-3167
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3167

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201507-20

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.61

sources: NVD: CVE-2015-3165 // JVNDB: JVNDB-2015-002844 // BID: 74787 // VULHUB: VHN-81126 // PACKETSTORM: 132502 // PACKETSTORM: 132018 // PACKETSTORM: 132501 // PACKETSTORM: 132047 // PACKETSTORM: 132499 // PACKETSTORM: 133619 // PACKETSTORM: 132741

AFFECTED PRODUCTS

vendor: postgresql // model: postgresql // scope: eq // version: 9.3.1

Trust: 1.6

vendor: postgresql // model: postgresql // scope: eq // version: 9.3.4

Trust: 1.6

vendor: postgresql // model: postgresql // scope: eq // version: 9.4.0

Trust: 1.6

vendor: postgresql // model: postgresql // scope: eq // version: 9.3

Trust: 1.6

vendor: postgresql // model: postgresql // scope: eq // version: 9.3.2

Trust: 1.6

vendor: postgresql // model: postgresql // scope: eq // version: 9.3.3

Trust: 1.6

vendor: postgresql // model: postgresql // scope: eq // version: 9.4.1

Trust: 1.6

vendor: postgresql // model: postgresql // scope: eq // version: 9.3.5

Trust: 1.6

vendor: postgresql // model: postgresql // scope: eq // version: 9.2.8

Trust: 1.6

vendor: postgresql // model: postgresql // scope: eq // version: 9.3.6

Trust: 1.6

vendor: debian // model: linux // scope: eq // version: 8.0

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.1.6

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.2.10

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.1.14

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.1.13

Trust: 1.0

vendor: debian // model: linux // scope: eq // version: 7.0

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.2.6

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.1.1

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.1.3

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.1.5

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.1.10

Trust: 1.0

vendor: apple // model: mac os x server // scope: eq // version: 5.0.2

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.1.8

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.1.2

Trust: 1.0

vendor: canonical // model: ubuntu linux // scope: eq // version: 12.04

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.1.9

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.1.11

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.2.3

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.2

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.2.2

Trust: 1.0

vendor: postgresql // model: postgresql // scope: lte // version: 9.0.19

Trust: 1.0

vendor: canonical // model: ubuntu linux // scope: eq // version: 14.10

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.2.9

Trust: 1.0

vendor: canonical // model: ubuntu linux // scope: eq // version: 15.04

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.2.7

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.2.4

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.1.12

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.1

Trust: 1.0

vendor: canonical // model: ubuntu linux // scope: eq // version: 14.04

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.1.4

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.1.15

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.2.5

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.2.1

Trust: 1.0

vendor: postgresql // model: postgresql // scope: eq // version: 9.1.7

Trust: 1.0

vendor: postgresql // model: postgresql // scope: lt // version: 9.4.x

Trust: 0.8

vendor: debian // model: gnu/linux // scope: eq // version: 7.0

Trust: 0.8

vendor: canonical // model: ubuntu // scope: eq // version: 15.04

Trust: 0.8

vendor: postgresql // model: postgresql // scope: eq // version: 9.3.7

Trust: 0.8

vendor: postgresql // model: postgresql // scope: eq // version: 9.2.11

Trust: 0.8

vendor: postgresql // model: postgresql // scope: lt // version: 9.3.x

Trust: 0.8

vendor: postgresql // model: postgresql // scope: eq // version: 9.1.16

Trust: 0.8

vendor: canonical // model: ubuntu // scope: eq // version: 12.04 lts

Trust: 0.8

vendor: postgresql // model: postgresql // scope: eq // version: 9.4.2

Trust: 0.8

vendor: canonical // model: ubuntu // scope: eq // version: 14.04 lts

Trust: 0.8

vendor: apple // model: macos server // scope: eq // version: 5.0.3

Trust: 0.8

vendor: debian // model: gnu/linux // scope: eq // version: 8.0

Trust: 0.8

vendor: postgresql // model: postgresql // scope: lt // version: 9.2.x

Trust: 0.8

vendor: postgresql // model: postgresql // scope: lt // version: 9.1.x

Trust: 0.8

vendor: apple // model: macos server // scope: lt // version: (os x yosemite v10.10.5 or later )

Trust: 0.8

vendor: canonical // model: ubuntu // scope: eq // version: 14.10

Trust: 0.8

vendor: ubuntu // model: linux lts i386 // scope: eq // version: 12.04

Trust: 0.3

vendor: ubuntu // model: linux lts amd64 // scope: eq // version: 12.04

Trust: 0.3

vendor: red // model: hat enterprise linux workstation // scope: eq // version: 6

Trust: 0.3

vendor: red // model: hat enterprise linux server // scope: eq // version: 6

Trust: 0.3

vendor: red // model: hat enterprise linux hpc node // scope: eq // version: 6

Trust: 0.3

vendor: red // model: hat enterprise linux desktop // scope: eq // version: 6

Trust: 0.3

vendor: gentoo // model: linux // scope: - // version: -

Trust: 0.3

vendor: debian // model: linux sparc // scope: eq // version: 6.0

Trust: 0.3

vendor: debian // model: linux s/390 // scope: eq // version: 6.0

Trust: 0.3

vendor: debian // model: linux powerpc // scope: eq // version: 6.0

Trust: 0.3

vendor: debian // model: linux mips // scope: eq // version: 6.0

Trust: 0.3

vendor: debian // model: linux ia-64 // scope: eq // version: 6.0

Trust: 0.3

vendor: debian // model: linux ia-32 // scope: eq // version: 6.0

Trust: 0.3

vendor: debian // model: linux arm // scope: eq // version: 6.0

Trust: 0.3

vendor: debian // model: linux amd64 // scope: eq // version: 6.0

Trust: 0.3

vendor: centos // model: centos // scope: eq // version: 6

Trust: 0.3

sources: BID: 74787 // JVNDB: JVNDB-2015-002844 // CNNVD: CNNVD-201505-491 // NVD: CVE-2015-3165

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3165
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3165
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-491
value: MEDIUM

Trust: 0.6

VULHUB: VHN-81126
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3165
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-81126
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81126 // JVNDB: JVNDB-2015-002844 // CNNVD: CNNVD-201505-491 // NVD: CVE-2015-3165

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2015-002844 // NVD: CVE-2015-3165

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 132047 // CNNVD: CNNVD-201505-491

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 74787

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002844

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-81126

PATCH

title: APPLE-SA-2015-09-16-4 OS X Server 5.0.3 // url: http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html

Trust: 0.8

title: HT205219 // url: https://support.apple.com/en-us/HT205219

Trust: 0.8

title: HT205219 // url: http://support.apple.com/ja-jp/HT205219

Trust: 0.8

title: DSA-3269 // url: https://www.debian.org/security/2015/dsa-3269

Trust: 0.8

title: DSA-3270 // url: https://www.debian.org/security/2015/dsa-3270

Trust: 0.8

title: PostgreSQL 9.4.2, 9.3.7, 9.2.11, 9.1.16, and 9.0.20 released! // url: http://www.postgresql.org/about/news/1587/

Trust: 0.8

title: Release 9.3.7 // url: http://www.postgresql.org/docs/9.3/static/release-9-3-7.html

Trust: 0.8

title: Release 9.0.20 // url: http://www.postgresql.org/docs/9.0/static/release-9-0-20.html

Trust: 0.8

title: Release 9.1.16 // url: http://www.postgresql.org/docs/9.1/static/release-9-1-16.html

Trust: 0.8

title: Release 9.4.2 // url: http://www.postgresql.org/docs/9.4/static/release-9-4-2.html

Trust: 0.8

title: Release 9.2.11 // url: http://www.postgresql.org/docs/9.2/static/release-9-2-11.html

Trust: 0.8

title: USN-2621-1 // url: http://www.ubuntu.com/usn/USN-2621-1/

Trust: 0.8

title:postgresql-9.0.20-1-windows
url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55905

Trust: 0.6

title:postgresql-9.1.16-1-linux
url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55909

Trust: 0.6

title:postgresql-9.2.11-1-osx
url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55913

Trust: 0.6

title:postgresql-9.4.2-1-windows
url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55917

Trust: 0.6

title:postgresql-9.1.16-1-windows
url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55908

Trust: 0.6

title:postgresql-9.2.11-1-linux
url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55912

Trust: 0.6

title:postgresql-9.3.7-1-osx
url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55916

Trust: 0.6

title:postgresql-9.0.20-1-osx
url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55907

Trust: 0.6

title:postgresql-9.2.11-1-windows
url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55911

Trust: 0.6

title:postgresql-9.3.7-1-linux
url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55915

Trust: 0.6

title:postgresql-9.4.2-1-osx
url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55919

Trust: 0.6

title:postgresql-9.0.20-1-linux
url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55906

Trust: 0.6

title:postgresql-9.1.16-1-osx
url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55910

Trust: 0.6

title:postgresql-9.3.7-1-windows
url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55914

Trust: 0.6

title:postgresql-9.4.2-1-linux
url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55918

Trust: 0.6

sources: JVNDB: JVNDB-2015-002844 // CNNVD: CNNVD-201505-491

EXTERNAL IDS

db:NVD id:CVE-2015-3165

Trust: 3.5

db:BID id:74787

Trust: 2.0

db:JVN id:JVNVU99970459

Trust: 0.8

db:JVNDB id:JVNDB-2015-002844

Trust: 0.8

db:CNNVD id:CNNVD-201505-491

Trust: 0.7

db:SECUNIA id:64714

Trust: 0.6

db:SECUNIA id:64566

Trust: 0.6

db:SECUNIA id:64733

Trust: 0.6

db:PACKETSTORM id:132499

Trust: 0.2

db:PACKETSTORM id:132501

Trust: 0.2

db:PACKETSTORM id:132018

Trust: 0.2

db:PACKETSTORM id:132502

Trust: 0.2

db:PACKETSTORM id:132047

Trust: 0.2

db:VULHUB id:VHN-81126

Trust: 0.1

db:PACKETSTORM id:133619

Trust: 0.1

db:PACKETSTORM id:132741

Trust: 0.1

sources: VULHUB: VHN-81126 // BID: 74787 // JVNDB: JVNDB-2015-002844 // PACKETSTORM: 132502 // PACKETSTORM: 132018 // PACKETSTORM: 132501 // PACKETSTORM: 132047 // PACKETSTORM: 132499 // PACKETSTORM: 133619 // PACKETSTORM: 132741 // CNNVD: CNNVD-201505-491 // NVD: CVE-2015-3165

REFERENCES

url:http://www.postgresql.org/about/news/1587/

Trust: 2.0

url:http://www.ubuntu.com/usn/usn-2621-1

Trust: 1.8

url:http://www.securityfocus.com/bid/74787

Trust: 1.7

url:http://www.postgresql.org/docs/9.0/static/release-9-0-20.html

Trust: 1.7

url:http://www.postgresql.org/docs/9.1/static/release-9-1-16.html

Trust: 1.7

url:http://www.postgresql.org/docs/9.2/static/release-9-2-11.html

Trust: 1.7

url:http://www.postgresql.org/docs/9.3/static/release-9-3-7.html

Trust: 1.7

url:http://www.postgresql.org/docs/9.4/static/release-9-4-2.html

Trust: 1.7

url:http://www.debian.org/security/2015/dsa-3269

Trust: 1.7

url:http://www.debian.org/security/2015/dsa-3270

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2015-1194.html

Trust: 1.5

url:http://rhn.redhat.com/errata/rhsa-2015-1195.html

Trust: 1.5

url:http://rhn.redhat.com/errata/rhsa-2015-1196.html

Trust: 1.5

url:https://security.gentoo.org/glsa/201507-20

Trust: 1.2

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00004.html

Trust: 1.1

url:https://support.apple.com/ht205219

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3165

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99970459/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3165

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-3165

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2015-3166

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2015-3167

Trust: 0.7

url:http://secunia.com/advisories/64566

Trust: 0.6

url:http://secunia.com/advisories/64714

Trust: 0.6

url:http://secunia.com/advisories/64733

Trust: 0.6

url:http://www.postgresql.org/

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=cve-2015-3165

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21960649

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2015-3167

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2015-3165

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2015-3166

Trust: 0.3

url:https://bugzilla.redhat.com/

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:http://www.debian.org/security/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-8161

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-0242

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-0241

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-0243

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-0244

Trust: 0.2

url:http://www.debian.org/security/faq

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/postgresql-9.4/9.4.2-0ubuntu0.14.10

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.16-0ubuntu0.12.04

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/postgresql-9.3/9.3.7-0ubuntu0.14.04

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/postgresql-9.4/9.4.2-0ubuntu0.15.04

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8109

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3185

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3583

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8500

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0253

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3183

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1349

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3581

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0228

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5911

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0067

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-5704

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8161

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3166

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0243

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0241

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3165

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3167

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0242

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0244

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

sources: VULHUB: VHN-81126 // BID: 74787 // JVNDB: JVNDB-2015-002844 // PACKETSTORM: 132502 // PACKETSTORM: 132018 // PACKETSTORM: 132501 // PACKETSTORM: 132047 // PACKETSTORM: 132499 // PACKETSTORM: 133619 // PACKETSTORM: 132741 // CNNVD: CNNVD-201505-491 // NVD: CVE-2015-3165

CREDITS

Benkocs Norbert Attila

Trust: 0.9

sources: BID: 74787 // CNNVD: CNNVD-201505-491

SOURCES

db:VULHUB id:VHN-81126
db:BID id:74787
db:JVNDB id:JVNDB-2015-002844
db:PACKETSTORM id:132502
db:PACKETSTORM id:132018
db:PACKETSTORM id:132501
db:PACKETSTORM id:132047
db:PACKETSTORM id:132499
db:PACKETSTORM id:133619
db:PACKETSTORM id:132741
db:CNNVD id:CNNVD-201505-491
db:NVD id:CVE-2015-3165

LAST UPDATE DATE

2024-09-01T21:51:34.784000+00:00


SOURCES UPDATE DATE

db:VULHUB id:VHN-81126 date:2018-01-05T00:00:00
db:BID id:74787 date:2015-11-03T19:43:00
db:JVNDB id:JVNDB-2015-002844 date:2015-10-05T00:00:00
db:CNNVD id:CNNVD-201505-491 date:2015-05-29T00:00:00
db:NVD id:CVE-2015-3165 date:2018-01-05T02:30:05.167

SOURCES RELEASE DATE

db:VULHUB id:VHN-81126 date:2015-05-28T00:00:00
db:BID id:74787 date:2015-05-22T00:00:00
db:JVNDB id:JVNDB-2015-002844 date:2015-06-01T00:00:00
db:PACKETSTORM id:132502 date:2015-06-30T00:15:36
db:PACKETSTORM id:132018 date:2015-05-22T22:22:00
db:PACKETSTORM id:132501 date:2015-06-30T00:15:27
db:PACKETSTORM id:132047 date:2015-05-26T07:26:18
db:PACKETSTORM id:132499 date:2015-06-30T00:15:10
db:PACKETSTORM id:133619 date:2015-09-19T15:37:27
db:PACKETSTORM id:132741 date:2015-07-20T15:45:21
db:CNNVD id:CNNVD-201505-491 date:2015-05-25T00:00:00
db:NVD id:CVE-2015-3165 date:2015-05-28T14:59:06.283