DSA-3269-2 postgresql-9.1 -- postgresql-9.1
ID: oval:org.secpod.oval:def:602124 | Date: (C)2015-06-04 (M)2023-07-28 |
Class: PATCH | Family: unix |
The update for postgresql-9.1 in DSA-3269-1 introduced a regression which can cause PostgreSQL to refuse to restart after an unexpected shutdown or when restoring from a binary backup. Updated packages are now available to address this regression. Please refer to the upstream Bug FAQ for additional information: https://wiki.postgresql.org/wiki/May_2015_Fsync_Permissions_Bug

For reference, the original advisory text follows.

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system.

CVE-2015-3165: SSL clients disconnecting just before the authentication timeout expires can cause the server to crash.

CVE-2015-3166: The replacement implementation of snprintf failed to check for errors reported by the underlying system library calls; the main case that might be missed is out-of-memory situations. In the worst case this might lead to information exposure.

CVE-2015-3167: In contrib/pgcrypto, some cases of decryption with an incorrect key could report other error message texts. Fix by using a one-size-fits-all message.