DSA-3270-1 postgresql-9.4 -- postgresql-9.4ID: oval:org.secpod.oval:def:602111 | Date: (C)2015-06-04 (M)2023-07-28 |
Class: PATCH | Family: unix |
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-3165 SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 The replacement implementation of snprintf failed to check for errors reported by the underlying system library calls; the main case that might be missed is out-of-memory situations. In the worst case this might lead to information exposure. CVE-2015-3167 In contrib/pgcrypto, some cases of decryption with an incorrect key could report other error message texts. Fix by using a one-size-fits-all message.