var-201505-0062
Vulnerability from variot
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
PostgreSQL contains a flaw in which memory is freed twice, which can result in a denial of service (crash). Supplementary information: the vulnerability type has been identified as CWE-415: Double Free.
PostgreSQL is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the application, denying service to legitimate users. PostgreSQL supports most SQL standards and provides many other features, such as foreign keys, triggers, views, etc.
The following versions are affected: PostgreSQL prior to 9.0.20, 9.1.x prior to 9.1.16, 9.2.x prior to 9.2.11, 9.3.x prior to 9.3.7, and 9.4.x prior to 9.4.2.
CVE-2015-3166 (Information exposure)
The replacement implementation of snprintf() failed to check for
errors reported by the underlying system library calls; the main
case that might be missed is out-of-memory situations. In the worst
case this might lead to information exposure. Fix by using a
one-size-fits-all message.
For the stable distribution (jessie), these problems have been fixed in version 9.4.2-0+deb8u1.
For the testing distribution (stretch), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in version 9.4.2-1.
We recommend that you upgrade your postgresql-9.4 packages.
============================================================================
Ubuntu Security Notice USN-2621-1
May 25, 2015
postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in PostgreSQL. (CVE-2015-3167)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: postgresql-9.4 9.4.2-0ubuntu0.15.04
Ubuntu 14.10: postgresql-9.4 9.4.2-0ubuntu0.14.10
Ubuntu 14.04 LTS: postgresql-9.3 9.3.7-0ubuntu0.14.04
Ubuntu 12.04 LTS: postgresql-9.1 9.1.16-0ubuntu0.12.04
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: postgresql security update
Advisory ID: RHSA-2015:1194-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1194.html
Issue date: 2015-06-29
CVE Names: CVE-2015-3165 CVE-2015-3166 CVE-2015-3167
=====================================================================
- Summary:
Updated postgresql packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
PostgreSQL is an advanced object-relational database management system (DBMS).
A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. (CVE-2015-3165)
It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file. (CVE-2015-3166)
It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This can help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known. (CVE-2015-3167)
Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Benkocs Norbert Attila as the original reporter of CVE-2015-3165 and Noah Misch as the original reporter of CVE-2015-3166 and CVE-2015-3167.
All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1221537 - CVE-2015-3165 postgresql: double-free after authentication timeout
1221539 - CVE-2015-3166 postgresql: unanticipated errors from the standard library
1221541 - CVE-2015-3167 postgresql: pgcrypto has multiple error messages for decryption with an incorrect key.
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: postgresql-8.4.20-3.el6_6.src.rpm
i386: postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-libs-8.4.20-3.el6_6.i686.rpm
x86_64: postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-debuginfo-8.4.20-3.el6_6.x86_64.rpm postgresql-libs-8.4.20-3.el6_6.i686.rpm postgresql-libs-8.4.20-3.el6_6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: postgresql-8.4.20-3.el6_6.i686.rpm postgresql-contrib-8.4.20-3.el6_6.i686.rpm postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-devel-8.4.20-3.el6_6.i686.rpm postgresql-docs-8.4.20-3.el6_6.i686.rpm postgresql-plperl-8.4.20-3.el6_6.i686.rpm postgresql-plpython-8.4.20-3.el6_6.i686.rpm postgresql-pltcl-8.4.20-3.el6_6.i686.rpm postgresql-server-8.4.20-3.el6_6.i686.rpm postgresql-test-8.4.20-3.el6_6.i686.rpm
x86_64: postgresql-8.4.20-3.el6_6.i686.rpm postgresql-8.4.20-3.el6_6.x86_64.rpm postgresql-contrib-8.4.20-3.el6_6.x86_64.rpm postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-debuginfo-8.4.20-3.el6_6.x86_64.rpm postgresql-devel-8.4.20-3.el6_6.i686.rpm postgresql-devel-8.4.20-3.el6_6.x86_64.rpm postgresql-docs-8.4.20-3.el6_6.x86_64.rpm postgresql-plperl-8.4.20-3.el6_6.x86_64.rpm postgresql-plpython-8.4.20-3.el6_6.x86_64.rpm postgresql-pltcl-8.4.20-3.el6_6.x86_64.rpm postgresql-server-8.4.20-3.el6_6.x86_64.rpm postgresql-test-8.4.20-3.el6_6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: postgresql-8.4.20-3.el6_6.src.rpm
x86_64: postgresql-8.4.20-3.el6_6.i686.rpm postgresql-8.4.20-3.el6_6.x86_64.rpm postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-debuginfo-8.4.20-3.el6_6.x86_64.rpm postgresql-libs-8.4.20-3.el6_6.i686.rpm postgresql-libs-8.4.20-3.el6_6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: postgresql-contrib-8.4.20-3.el6_6.x86_64.rpm postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-debuginfo-8.4.20-3.el6_6.x86_64.rpm postgresql-devel-8.4.20-3.el6_6.i686.rpm postgresql-devel-8.4.20-3.el6_6.x86_64.rpm postgresql-docs-8.4.20-3.el6_6.x86_64.rpm postgresql-plperl-8.4.20-3.el6_6.x86_64.rpm postgresql-plpython-8.4.20-3.el6_6.x86_64.rpm postgresql-pltcl-8.4.20-3.el6_6.x86_64.rpm postgresql-server-8.4.20-3.el6_6.x86_64.rpm postgresql-test-8.4.20-3.el6_6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: postgresql-8.4.20-3.el6_6.src.rpm
i386: postgresql-8.4.20-3.el6_6.i686.rpm postgresql-contrib-8.4.20-3.el6_6.i686.rpm postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-devel-8.4.20-3.el6_6.i686.rpm postgresql-docs-8.4.20-3.el6_6.i686.rpm postgresql-libs-8.4.20-3.el6_6.i686.rpm postgresql-plperl-8.4.20-3.el6_6.i686.rpm postgresql-plpython-8.4.20-3.el6_6.i686.rpm postgresql-pltcl-8.4.20-3.el6_6.i686.rpm postgresql-server-8.4.20-3.el6_6.i686.rpm postgresql-test-8.4.20-3.el6_6.i686.rpm
ppc64: postgresql-8.4.20-3.el6_6.ppc.rpm postgresql-8.4.20-3.el6_6.ppc64.rpm postgresql-contrib-8.4.20-3.el6_6.ppc64.rpm postgresql-debuginfo-8.4.20-3.el6_6.ppc.rpm postgresql-debuginfo-8.4.20-3.el6_6.ppc64.rpm postgresql-devel-8.4.20-3.el6_6.ppc.rpm postgresql-devel-8.4.20-3.el6_6.ppc64.rpm postgresql-docs-8.4.20-3.el6_6.ppc64.rpm postgresql-libs-8.4.20-3.el6_6.ppc.rpm postgresql-libs-8.4.20-3.el6_6.ppc64.rpm postgresql-plperl-8.4.20-3.el6_6.ppc64.rpm postgresql-plpython-8.4.20-3.el6_6.ppc64.rpm postgresql-pltcl-8.4.20-3.el6_6.ppc64.rpm postgresql-server-8.4.20-3.el6_6.ppc64.rpm postgresql-test-8.4.20-3.el6_6.ppc64.rpm
s390x: postgresql-8.4.20-3.el6_6.s390.rpm postgresql-8.4.20-3.el6_6.s390x.rpm postgresql-contrib-8.4.20-3.el6_6.s390x.rpm postgresql-debuginfo-8.4.20-3.el6_6.s390.rpm postgresql-debuginfo-8.4.20-3.el6_6.s390x.rpm postgresql-devel-8.4.20-3.el6_6.s390.rpm postgresql-devel-8.4.20-3.el6_6.s390x.rpm postgresql-docs-8.4.20-3.el6_6.s390x.rpm postgresql-libs-8.4.20-3.el6_6.s390.rpm postgresql-libs-8.4.20-3.el6_6.s390x.rpm postgresql-plperl-8.4.20-3.el6_6.s390x.rpm postgresql-plpython-8.4.20-3.el6_6.s390x.rpm postgresql-pltcl-8.4.20-3.el6_6.s390x.rpm postgresql-server-8.4.20-3.el6_6.s390x.rpm postgresql-test-8.4.20-3.el6_6.s390x.rpm
x86_64: postgresql-8.4.20-3.el6_6.i686.rpm postgresql-8.4.20-3.el6_6.x86_64.rpm postgresql-contrib-8.4.20-3.el6_6.x86_64.rpm postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-debuginfo-8.4.20-3.el6_6.x86_64.rpm postgresql-devel-8.4.20-3.el6_6.i686.rpm postgresql-devel-8.4.20-3.el6_6.x86_64.rpm postgresql-docs-8.4.20-3.el6_6.x86_64.rpm postgresql-libs-8.4.20-3.el6_6.i686.rpm postgresql-libs-8.4.20-3.el6_6.x86_64.rpm postgresql-plperl-8.4.20-3.el6_6.x86_64.rpm postgresql-plpython-8.4.20-3.el6_6.x86_64.rpm postgresql-pltcl-8.4.20-3.el6_6.x86_64.rpm postgresql-server-8.4.20-3.el6_6.x86_64.rpm postgresql-test-8.4.20-3.el6_6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: postgresql-8.4.20-3.el6_6.src.rpm
i386: postgresql-8.4.20-3.el6_6.i686.rpm postgresql-contrib-8.4.20-3.el6_6.i686.rpm postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-devel-8.4.20-3.el6_6.i686.rpm postgresql-docs-8.4.20-3.el6_6.i686.rpm postgresql-libs-8.4.20-3.el6_6.i686.rpm postgresql-plperl-8.4.20-3.el6_6.i686.rpm postgresql-plpython-8.4.20-3.el6_6.i686.rpm postgresql-pltcl-8.4.20-3.el6_6.i686.rpm postgresql-server-8.4.20-3.el6_6.i686.rpm postgresql-test-8.4.20-3.el6_6.i686.rpm
x86_64: postgresql-8.4.20-3.el6_6.i686.rpm postgresql-8.4.20-3.el6_6.x86_64.rpm postgresql-contrib-8.4.20-3.el6_6.x86_64.rpm postgresql-debuginfo-8.4.20-3.el6_6.i686.rpm postgresql-debuginfo-8.4.20-3.el6_6.x86_64.rpm postgresql-devel-8.4.20-3.el6_6.i686.rpm postgresql-devel-8.4.20-3.el6_6.x86_64.rpm postgresql-docs-8.4.20-3.el6_6.x86_64.rpm postgresql-libs-8.4.20-3.el6_6.i686.rpm postgresql-libs-8.4.20-3.el6_6.x86_64.rpm postgresql-plperl-8.4.20-3.el6_6.x86_64.rpm postgresql-plpython-8.4.20-3.el6_6.x86_64.rpm postgresql-pltcl-8.4.20-3.el6_6.x86_64.rpm postgresql-server-8.4.20-3.el6_6.x86_64.rpm postgresql-test-8.4.20-3.el6_6.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
Source: postgresql-9.2.13-1.el7_1.src.rpm
x86_64: postgresql-9.2.13-1.el7_1.i686.rpm postgresql-9.2.13-1.el7_1.x86_64.rpm postgresql-contrib-9.2.13-1.el7_1.x86_64.rpm postgresql-debuginfo-9.2.13-1.el7_1.i686.rpm postgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm postgresql-devel-9.2.13-1.el7_1.i686.rpm postgresql-devel-9.2.13-1.el7_1.x86_64.rpm postgresql-docs-9.2.13-1.el7_1.x86_64.rpm postgresql-libs-9.2.13-1.el7_1.i686.rpm postgresql-libs-9.2.13-1.el7_1.x86_64.rpm postgresql-plperl-9.2.13-1.el7_1.x86_64.rpm postgresql-plpython-9.2.13-1.el7_1.x86_64.rpm postgresql-pltcl-9.2.13-1.el7_1.x86_64.rpm postgresql-server-9.2.13-1.el7_1.x86_64.rpm postgresql-test-9.2.13-1.el7_1.x86_64.rpm postgresql-upgrade-9.2.13-1.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: postgresql-9.2.13-1.el7_1.src.rpm
x86_64: postgresql-9.2.13-1.el7_1.x86_64.rpm postgresql-debuginfo-9.2.13-1.el7_1.i686.rpm postgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm postgresql-libs-9.2.13-1.el7_1.i686.rpm postgresql-libs-9.2.13-1.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: postgresql-9.2.13-1.el7_1.i686.rpm postgresql-contrib-9.2.13-1.el7_1.x86_64.rpm postgresql-debuginfo-9.2.13-1.el7_1.i686.rpm postgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm postgresql-devel-9.2.13-1.el7_1.i686.rpm postgresql-devel-9.2.13-1.el7_1.x86_64.rpm postgresql-docs-9.2.13-1.el7_1.x86_64.rpm postgresql-plperl-9.2.13-1.el7_1.x86_64.rpm postgresql-plpython-9.2.13-1.el7_1.x86_64.rpm postgresql-pltcl-9.2.13-1.el7_1.x86_64.rpm postgresql-server-9.2.13-1.el7_1.x86_64.rpm postgresql-test-9.2.13-1.el7_1.x86_64.rpm postgresql-upgrade-9.2.13-1.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: postgresql-9.2.13-1.el7_1.src.rpm
ppc64: postgresql-9.2.13-1.el7_1.ppc.rpm postgresql-9.2.13-1.el7_1.ppc64.rpm postgresql-contrib-9.2.13-1.el7_1.ppc64.rpm postgresql-debuginfo-9.2.13-1.el7_1.ppc.rpm postgresql-debuginfo-9.2.13-1.el7_1.ppc64.rpm postgresql-devel-9.2.13-1.el7_1.ppc.rpm postgresql-devel-9.2.13-1.el7_1.ppc64.rpm postgresql-docs-9.2.13-1.el7_1.ppc64.rpm postgresql-libs-9.2.13-1.el7_1.ppc.rpm postgresql-libs-9.2.13-1.el7_1.ppc64.rpm postgresql-plperl-9.2.13-1.el7_1.ppc64.rpm postgresql-plpython-9.2.13-1.el7_1.ppc64.rpm postgresql-pltcl-9.2.13-1.el7_1.ppc64.rpm postgresql-server-9.2.13-1.el7_1.ppc64.rpm postgresql-test-9.2.13-1.el7_1.ppc64.rpm
s390x: postgresql-9.2.13-1.el7_1.s390.rpm postgresql-9.2.13-1.el7_1.s390x.rpm postgresql-contrib-9.2.13-1.el7_1.s390x.rpm postgresql-debuginfo-9.2.13-1.el7_1.s390.rpm postgresql-debuginfo-9.2.13-1.el7_1.s390x.rpm postgresql-devel-9.2.13-1.el7_1.s390.rpm postgresql-devel-9.2.13-1.el7_1.s390x.rpm postgresql-docs-9.2.13-1.el7_1.s390x.rpm postgresql-libs-9.2.13-1.el7_1.s390.rpm postgresql-libs-9.2.13-1.el7_1.s390x.rpm postgresql-plperl-9.2.13-1.el7_1.s390x.rpm postgresql-plpython-9.2.13-1.el7_1.s390x.rpm postgresql-pltcl-9.2.13-1.el7_1.s390x.rpm postgresql-server-9.2.13-1.el7_1.s390x.rpm postgresql-test-9.2.13-1.el7_1.s390x.rpm
x86_64: postgresql-9.2.13-1.el7_1.i686.rpm postgresql-9.2.13-1.el7_1.x86_64.rpm postgresql-contrib-9.2.13-1.el7_1.x86_64.rpm postgresql-debuginfo-9.2.13-1.el7_1.i686.rpm postgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm postgresql-devel-9.2.13-1.el7_1.i686.rpm postgresql-devel-9.2.13-1.el7_1.x86_64.rpm postgresql-docs-9.2.13-1.el7_1.x86_64.rpm postgresql-libs-9.2.13-1.el7_1.i686.rpm postgresql-libs-9.2.13-1.el7_1.x86_64.rpm postgresql-plperl-9.2.13-1.el7_1.x86_64.rpm postgresql-plpython-9.2.13-1.el7_1.x86_64.rpm postgresql-pltcl-9.2.13-1.el7_1.x86_64.rpm postgresql-server-9.2.13-1.el7_1.x86_64.rpm postgresql-test-9.2.13-1.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: postgresql-9.2.13-1.ael7b_1.src.rpm
ppc64le: postgresql-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-contrib-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-debuginfo-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-devel-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-docs-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-libs-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-plperl-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-plpython-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-pltcl-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-server-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-test-9.2.13-1.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: postgresql-debuginfo-9.2.13-1.el7_1.ppc64.rpm postgresql-upgrade-9.2.13-1.el7_1.ppc64.rpm
s390x: postgresql-debuginfo-9.2.13-1.el7_1.s390x.rpm postgresql-upgrade-9.2.13-1.el7_1.s390x.rpm
x86_64: postgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm postgresql-upgrade-9.2.13-1.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le: postgresql-debuginfo-9.2.13-1.ael7b_1.ppc64le.rpm postgresql-upgrade-9.2.13-1.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: postgresql-9.2.13-1.el7_1.src.rpm
x86_64: postgresql-9.2.13-1.el7_1.i686.rpm postgresql-9.2.13-1.el7_1.x86_64.rpm postgresql-contrib-9.2.13-1.el7_1.x86_64.rpm postgresql-debuginfo-9.2.13-1.el7_1.i686.rpm postgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm postgresql-devel-9.2.13-1.el7_1.i686.rpm postgresql-devel-9.2.13-1.el7_1.x86_64.rpm postgresql-docs-9.2.13-1.el7_1.x86_64.rpm postgresql-libs-9.2.13-1.el7_1.i686.rpm postgresql-libs-9.2.13-1.el7_1.x86_64.rpm postgresql-plperl-9.2.13-1.el7_1.x86_64.rpm postgresql-plpython-9.2.13-1.el7_1.x86_64.rpm postgresql-pltcl-9.2.13-1.el7_1.x86_64.rpm postgresql-server-9.2.13-1.el7_1.x86_64.rpm postgresql-test-9.2.13-1.el7_1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: postgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm postgresql-upgrade-9.2.13-1.el7_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-3165
https://access.redhat.com/security/cve/CVE-2015-3166
https://access.redhat.com/security/cve/CVE-2015-3167
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
APPLE-SA-2015-09-16-4 OS X Server 5.0.3
OS X Server 5.0.3 is now available and addresses the following:
apache
Available for: OS X Yosemite v10.10.4 or later
Impact: Multiple vulnerabilities in Apache, the most serious of which may allow a remote attacker to cause a denial of service
Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.16. These issues were addressed by updating Apache to version 2.4.16.
CVE-ID
CVE-2013-5704 CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185
BIND
Available for: OS X Yosemite v10.10.4 or later
Impact: Multiple vulnerabilities in BIND, the most severe of which may allow a remote attacker to cause a denial of service
Description: Multiple vulnerabilities existed in BIND versions prior to 9.9.7. These issues were addressed by updating BIND to version 9.9.7. These issues were addressed by updating PostgreSQL to version 9.3.9.
CVE-ID
CVE-2014-0067 CVE-2014-8161 CVE-2015-0241 CVE-2015-0242 CVE-2015-0243 CVE-2015-0244 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167
Wiki Server
Available for: OS X Yosemite v10.10.4 or later
Impact: Multiple XML security issues in Wiki Server
Description: Multiple XML vulnerabilities existed in Wiki Server based on Twisted. This issue was addressed by removing Twisted.
CVE-ID
CVE-2015-5911 : Zachary Jones of WhiteHat Security Threat Research Center
OS X Server 5.0.3 may be obtained from the Mac App Store.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201507-20
https://security.gentoo.org/
Severity: Normal
Title: PostgreSQL: Multiple vulnerabilities
Date: July 18, 2015
Bugs: #539018, #550172
ID: 201507-20
Synopsis
Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in execution of arbitrary code or privilege escalation.
Affected packages
-------------------------------------------------------------------
Package              /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
1  dev-db/postgresql    < 9.4.3        >= 9.0.21
                                       >= 9.1.17
                                       >= 9.2.12
                                       >= 9.3.8
                                       >= 9.4.3
Description
Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or escalate privileges.
Workaround
There is no known workaround at this time.
Resolution
All PostgreSQL 9.0.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.0.21"
All PostgreSQL 9.1.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.1.17"
All PostgreSQL 9.2.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.2.12"
All PostgreSQL 9.3.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.3.8"
All PostgreSQL 9.4.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.4.3"
References
[ 1 ] CVE-2014-8161 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8161
[ 2 ] CVE-2015-0241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0241
[ 3 ] CVE-2015-0242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0242
[ 4 ] CVE-2015-0243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0243
[ 5 ] CVE-2015-0244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0244
[ 6 ] CVE-2015-3165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3165
[ 7 ] CVE-2015-3166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3166
[ 8 ] CVE-2015-3167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3167
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201507-20
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:9.1.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:9.1.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:9.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:9.2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:9.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:9.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-3165" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Benkocs Norbert Attila", "sources": [ { "db": "BID", "id": "74787" }, { "db": "CNNVD", "id": "CNNVD-201505-491" } ], "trust": 0.9 }, "cve": "CVE-2015-3165", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": 
"NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2015-3165", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-81126", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-3165", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201505-491", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-81126", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-81126" }, { "db": "JVNDB", "id": "JVNDB-2015-002844" }, { "db": "CNNVD", "id": "CNNVD-201505-491" }, { "db": "NVD", "id": "CVE-2015-3165" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, 
and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. PostgreSQL contains a flaw in which memory is freed twice, which can put the service into a denial-of-service (crash) state. Supplementary information: the vulnerability type has been identified as CWE-415: Double Free. PostgreSQL is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to crash the application, denying service to legitimate users. The system supports most SQL standards and provides many other features, such as foreign keys, triggers, views, etc. The following versions are affected: PostgreSQL prior to 9.0.20, 9.1.x prior to 9.1.16, 9.2.x prior to 9.2.11, 9.3.x prior to 9.3.7, 9.4.x prior to 9.4.2. \n\nCVE-2015-3166 (Information exposure)\n\n The replacement implementation of snprintf() failed to check for\n errors reported by the underlying system library calls; the main\n case that might be missed is out-of-memory situations. In the worst\n case this might lead to information exposure. Fix by using a\n one-size-fits-all message. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 9.4.2-0+deb8u1. \n\nFor the testing distribution (stretch), these problems will be fixed\nsoon. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 9.4.2-1. \n\nWe recommend that you upgrade your postgresql-9.4 packages. 
============================================================================\nUbuntu Security Notice USN-2621-1\nMay 25, 2015\n\npostgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PostgreSQL. (CVE-2015-3167)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n postgresql-9.4 9.4.2-0ubuntu0.15.04\n\nUbuntu 14.10:\n postgresql-9.4 9.4.2-0ubuntu0.14.10\n\nUbuntu 14.04 LTS:\n postgresql-9.3 9.3.7-0ubuntu0.14.04\n\nUbuntu 12.04 LTS:\n postgresql-9.1 9.1.16-0ubuntu0.12.04\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. =====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: postgresql security update\nAdvisory ID: RHSA-2015:1194-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1194.html\nIssue date: 2015-06-29\nCVE Names: CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 \n=====================================================================\n\n1. Summary:\n\nUpdated postgresql packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 
7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). \n\nA double-free flaw was found in the connection handling. An unauthenticated\nattacker could exploit this flaw to crash the PostgreSQL back end by\ndisconnecting at approximately the same time as the authentication time out\nis triggered. (CVE-2015-3165)\n\nIt was discovered that PostgreSQL did not properly check the return values\nof certain standard library functions. If the system is in a state that\nwould cause the standard library functions to fail, for example memory\nexhaustion, an authenticated user could exploit this flaw to disclose\npartial memory contents or cause the GSSAPI authentication to use an\nincorrect keytab file. (CVE-2015-3166)\n\nIt was discovered that the pgcrypto module could return different error\nmessages when decrypting certain data with an incorrect key. This can help\nan authenticated user to launch a possible cryptographic attack, although\nno suitable attack is currently known. (CVE-2015-3167)\n\nRed Hat would like to thank the PostgreSQL project for reporting these\nissues. 
Upstream acknowledges Benkocs Norbert Attila as the original\nreporter of CVE-2015-3165 and Noah Misch as the original reporter of\nCVE-2015-3166 and CVE-2015-3167. \n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. If the\npostgresql service is running, it will be automatically restarted after\ninstalling this update. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1221537 - CVE-2015-3165 postgresql: double-free after authentication timeout\n1221539 - CVE-2015-3166 postgresql: unanticipated errors from the standard library\n1221541 - CVE-2015-3167 postgresql: pgcrypto has multiple error messages for decryption with an incorrect key. \n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\npostgresql-8.4.20-3.el6_6.src.rpm\n\ni386:\npostgresql-debuginfo-8.4.20-3.el6_6.i686.rpm\npostgresql-libs-8.4.20-3.el6_6.i686.rpm\n\nx86_64:\npostgresql-debuginfo-8.4.20-3.el6_6.i686.rpm\npostgresql-debuginfo-8.4.20-3.el6_6.x86_64.rpm\npostgresql-libs-8.4.20-3.el6_6.i686.rpm\npostgresql-libs-8.4.20-3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 
6):\n\ni386:\npostgresql-8.4.20-3.el6_6.i686.rpm\npostgresql-contrib-8.4.20-3.el6_6.i686.rpm\npostgresql-debuginfo-8.4.20-3.el6_6.i686.rpm\npostgresql-devel-8.4.20-3.el6_6.i686.rpm\npostgresql-docs-8.4.20-3.el6_6.i686.rpm\npostgresql-plperl-8.4.20-3.el6_6.i686.rpm\npostgresql-plpython-8.4.20-3.el6_6.i686.rpm\npostgresql-pltcl-8.4.20-3.el6_6.i686.rpm\npostgresql-server-8.4.20-3.el6_6.i686.rpm\npostgresql-test-8.4.20-3.el6_6.i686.rpm\n\nx86_64:\npostgresql-8.4.20-3.el6_6.i686.rpm\npostgresql-8.4.20-3.el6_6.x86_64.rpm\npostgresql-contrib-8.4.20-3.el6_6.x86_64.rpm\npostgresql-debuginfo-8.4.20-3.el6_6.i686.rpm\npostgresql-debuginfo-8.4.20-3.el6_6.x86_64.rpm\npostgresql-devel-8.4.20-3.el6_6.i686.rpm\npostgresql-devel-8.4.20-3.el6_6.x86_64.rpm\npostgresql-docs-8.4.20-3.el6_6.x86_64.rpm\npostgresql-plperl-8.4.20-3.el6_6.x86_64.rpm\npostgresql-plpython-8.4.20-3.el6_6.x86_64.rpm\npostgresql-pltcl-8.4.20-3.el6_6.x86_64.rpm\npostgresql-server-8.4.20-3.el6_6.x86_64.rpm\npostgresql-test-8.4.20-3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\npostgresql-8.4.20-3.el6_6.src.rpm\n\nx86_64:\npostgresql-8.4.20-3.el6_6.i686.rpm\npostgresql-8.4.20-3.el6_6.x86_64.rpm\npostgresql-debuginfo-8.4.20-3.el6_6.i686.rpm\npostgresql-debuginfo-8.4.20-3.el6_6.x86_64.rpm\npostgresql-libs-8.4.20-3.el6_6.i686.rpm\npostgresql-libs-8.4.20-3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\npostgresql-contrib-8.4.20-3.el6_6.x86_64.rpm\npostgresql-debuginfo-8.4.20-3.el6_6.i686.rpm\npostgresql-debuginfo-8.4.20-3.el6_6.x86_64.rpm\npostgresql-devel-8.4.20-3.el6_6.i686.rpm\npostgresql-devel-8.4.20-3.el6_6.x86_64.rpm\npostgresql-docs-8.4.20-3.el6_6.x86_64.rpm\npostgresql-plperl-8.4.20-3.el6_6.x86_64.rpm\npostgresql-plpython-8.4.20-3.el6_6.x86_64.rpm\npostgresql-pltcl-8.4.20-3.el6_6.x86_64.rpm\npostgresql-server-8.4.20-3.el6_6.x86_64.rpm\npostgresql-test-8.4.20-3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 
6):\n\nSource:\npostgresql-8.4.20-3.el6_6.src.rpm\n\ni386:\npostgresql-8.4.20-3.el6_6.i686.rpm\npostgresql-contrib-8.4.20-3.el6_6.i686.rpm\npostgresql-debuginfo-8.4.20-3.el6_6.i686.rpm\npostgresql-devel-8.4.20-3.el6_6.i686.rpm\npostgresql-docs-8.4.20-3.el6_6.i686.rpm\npostgresql-libs-8.4.20-3.el6_6.i686.rpm\npostgresql-plperl-8.4.20-3.el6_6.i686.rpm\npostgresql-plpython-8.4.20-3.el6_6.i686.rpm\npostgresql-pltcl-8.4.20-3.el6_6.i686.rpm\npostgresql-server-8.4.20-3.el6_6.i686.rpm\npostgresql-test-8.4.20-3.el6_6.i686.rpm\n\nppc64:\npostgresql-8.4.20-3.el6_6.ppc.rpm\npostgresql-8.4.20-3.el6_6.ppc64.rpm\npostgresql-contrib-8.4.20-3.el6_6.ppc64.rpm\npostgresql-debuginfo-8.4.20-3.el6_6.ppc.rpm\npostgresql-debuginfo-8.4.20-3.el6_6.ppc64.rpm\npostgresql-devel-8.4.20-3.el6_6.ppc.rpm\npostgresql-devel-8.4.20-3.el6_6.ppc64.rpm\npostgresql-docs-8.4.20-3.el6_6.ppc64.rpm\npostgresql-libs-8.4.20-3.el6_6.ppc.rpm\npostgresql-libs-8.4.20-3.el6_6.ppc64.rpm\npostgresql-plperl-8.4.20-3.el6_6.ppc64.rpm\npostgresql-plpython-8.4.20-3.el6_6.ppc64.rpm\npostgresql-pltcl-8.4.20-3.el6_6.ppc64.rpm\npostgresql-server-8.4.20-3.el6_6.ppc64.rpm\npostgresql-test-8.4.20-3.el6_6.ppc64.rpm\n\ns390x:\npostgresql-8.4.20-3.el6_6.s390.rpm\npostgresql-8.4.20-3.el6_6.s390x.rpm\npostgresql-contrib-8.4.20-3.el6_6.s390x.rpm\npostgresql-debuginfo-8.4.20-3.el6_6.s390.rpm\npostgresql-debuginfo-8.4.20-3.el6_6.s390x.rpm\npostgresql-devel-8.4.20-3.el6_6.s390.rpm\npostgresql-devel-8.4.20-3.el6_6.s390x.rpm\npostgresql-docs-8.4.20-3.el6_6.s390x.rpm\npostgresql-libs-8.4.20-3.el6_6.s390.rpm\npostgresql-libs-8.4.20-3.el6_6.s390x.rpm\npostgresql-plperl-8.4.20-3.el6_6.s390x.rpm\npostgresql-plpython-8.4.20-3.el6_6.s390x.rpm\npostgresql-pltcl-8.4.20-3.el6_6.s390x.rpm\npostgresql-server-8.4.20-3.el6_6.s390x.rpm\npostgresql-test-8.4.20-3.el6_6.s390x.rpm\n\nx86_64:\npostgresql-8.4.20-3.el6_6.i686.rpm\npostgresql-8.4.20-3.el6_6.x86_64.rpm\npostgresql-contrib-8.4.20-3.el6_6.x86_64.rpm\npostgresql-debuginfo-8.4.20-3.el6_6.i686.rpm\npos
tgresql-debuginfo-8.4.20-3.el6_6.x86_64.rpm\npostgresql-devel-8.4.20-3.el6_6.i686.rpm\npostgresql-devel-8.4.20-3.el6_6.x86_64.rpm\npostgresql-docs-8.4.20-3.el6_6.x86_64.rpm\npostgresql-libs-8.4.20-3.el6_6.i686.rpm\npostgresql-libs-8.4.20-3.el6_6.x86_64.rpm\npostgresql-plperl-8.4.20-3.el6_6.x86_64.rpm\npostgresql-plpython-8.4.20-3.el6_6.x86_64.rpm\npostgresql-pltcl-8.4.20-3.el6_6.x86_64.rpm\npostgresql-server-8.4.20-3.el6_6.x86_64.rpm\npostgresql-test-8.4.20-3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\npostgresql-8.4.20-3.el6_6.src.rpm\n\ni386:\npostgresql-8.4.20-3.el6_6.i686.rpm\npostgresql-contrib-8.4.20-3.el6_6.i686.rpm\npostgresql-debuginfo-8.4.20-3.el6_6.i686.rpm\npostgresql-devel-8.4.20-3.el6_6.i686.rpm\npostgresql-docs-8.4.20-3.el6_6.i686.rpm\npostgresql-libs-8.4.20-3.el6_6.i686.rpm\npostgresql-plperl-8.4.20-3.el6_6.i686.rpm\npostgresql-plpython-8.4.20-3.el6_6.i686.rpm\npostgresql-pltcl-8.4.20-3.el6_6.i686.rpm\npostgresql-server-8.4.20-3.el6_6.i686.rpm\npostgresql-test-8.4.20-3.el6_6.i686.rpm\n\nx86_64:\npostgresql-8.4.20-3.el6_6.i686.rpm\npostgresql-8.4.20-3.el6_6.x86_64.rpm\npostgresql-contrib-8.4.20-3.el6_6.x86_64.rpm\npostgresql-debuginfo-8.4.20-3.el6_6.i686.rpm\npostgresql-debuginfo-8.4.20-3.el6_6.x86_64.rpm\npostgresql-devel-8.4.20-3.el6_6.i686.rpm\npostgresql-devel-8.4.20-3.el6_6.x86_64.rpm\npostgresql-docs-8.4.20-3.el6_6.x86_64.rpm\npostgresql-libs-8.4.20-3.el6_6.i686.rpm\npostgresql-libs-8.4.20-3.el6_6.x86_64.rpm\npostgresql-plperl-8.4.20-3.el6_6.x86_64.rpm\npostgresql-plpython-8.4.20-3.el6_6.x86_64.rpm\npostgresql-pltcl-8.4.20-3.el6_6.x86_64.rpm\npostgresql-server-8.4.20-3.el6_6.x86_64.rpm\npostgresql-test-8.4.20-3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 
7):\n\nSource:\npostgresql-9.2.13-1.el7_1.src.rpm\n\nx86_64:\npostgresql-9.2.13-1.el7_1.i686.rpm\npostgresql-9.2.13-1.el7_1.x86_64.rpm\npostgresql-contrib-9.2.13-1.el7_1.x86_64.rpm\npostgresql-debuginfo-9.2.13-1.el7_1.i686.rpm\npostgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm\npostgresql-devel-9.2.13-1.el7_1.i686.rpm\npostgresql-devel-9.2.13-1.el7_1.x86_64.rpm\npostgresql-docs-9.2.13-1.el7_1.x86_64.rpm\npostgresql-libs-9.2.13-1.el7_1.i686.rpm\npostgresql-libs-9.2.13-1.el7_1.x86_64.rpm\npostgresql-plperl-9.2.13-1.el7_1.x86_64.rpm\npostgresql-plpython-9.2.13-1.el7_1.x86_64.rpm\npostgresql-pltcl-9.2.13-1.el7_1.x86_64.rpm\npostgresql-server-9.2.13-1.el7_1.x86_64.rpm\npostgresql-test-9.2.13-1.el7_1.x86_64.rpm\npostgresql-upgrade-9.2.13-1.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\npostgresql-9.2.13-1.el7_1.src.rpm\n\nx86_64:\npostgresql-9.2.13-1.el7_1.x86_64.rpm\npostgresql-debuginfo-9.2.13-1.el7_1.i686.rpm\npostgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm\npostgresql-libs-9.2.13-1.el7_1.i686.rpm\npostgresql-libs-9.2.13-1.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\npostgresql-9.2.13-1.el7_1.i686.rpm\npostgresql-contrib-9.2.13-1.el7_1.x86_64.rpm\npostgresql-debuginfo-9.2.13-1.el7_1.i686.rpm\npostgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm\npostgresql-devel-9.2.13-1.el7_1.i686.rpm\npostgresql-devel-9.2.13-1.el7_1.x86_64.rpm\npostgresql-docs-9.2.13-1.el7_1.x86_64.rpm\npostgresql-plperl-9.2.13-1.el7_1.x86_64.rpm\npostgresql-plpython-9.2.13-1.el7_1.x86_64.rpm\npostgresql-pltcl-9.2.13-1.el7_1.x86_64.rpm\npostgresql-server-9.2.13-1.el7_1.x86_64.rpm\npostgresql-test-9.2.13-1.el7_1.x86_64.rpm\npostgresql-upgrade-9.2.13-1.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 
7):\n\nSource:\npostgresql-9.2.13-1.el7_1.src.rpm\n\nppc64:\npostgresql-9.2.13-1.el7_1.ppc.rpm\npostgresql-9.2.13-1.el7_1.ppc64.rpm\npostgresql-contrib-9.2.13-1.el7_1.ppc64.rpm\npostgresql-debuginfo-9.2.13-1.el7_1.ppc.rpm\npostgresql-debuginfo-9.2.13-1.el7_1.ppc64.rpm\npostgresql-devel-9.2.13-1.el7_1.ppc.rpm\npostgresql-devel-9.2.13-1.el7_1.ppc64.rpm\npostgresql-docs-9.2.13-1.el7_1.ppc64.rpm\npostgresql-libs-9.2.13-1.el7_1.ppc.rpm\npostgresql-libs-9.2.13-1.el7_1.ppc64.rpm\npostgresql-plperl-9.2.13-1.el7_1.ppc64.rpm\npostgresql-plpython-9.2.13-1.el7_1.ppc64.rpm\npostgresql-pltcl-9.2.13-1.el7_1.ppc64.rpm\npostgresql-server-9.2.13-1.el7_1.ppc64.rpm\npostgresql-test-9.2.13-1.el7_1.ppc64.rpm\n\ns390x:\npostgresql-9.2.13-1.el7_1.s390.rpm\npostgresql-9.2.13-1.el7_1.s390x.rpm\npostgresql-contrib-9.2.13-1.el7_1.s390x.rpm\npostgresql-debuginfo-9.2.13-1.el7_1.s390.rpm\npostgresql-debuginfo-9.2.13-1.el7_1.s390x.rpm\npostgresql-devel-9.2.13-1.el7_1.s390.rpm\npostgresql-devel-9.2.13-1.el7_1.s390x.rpm\npostgresql-docs-9.2.13-1.el7_1.s390x.rpm\npostgresql-libs-9.2.13-1.el7_1.s390.rpm\npostgresql-libs-9.2.13-1.el7_1.s390x.rpm\npostgresql-plperl-9.2.13-1.el7_1.s390x.rpm\npostgresql-plpython-9.2.13-1.el7_1.s390x.rpm\npostgresql-pltcl-9.2.13-1.el7_1.s390x.rpm\npostgresql-server-9.2.13-1.el7_1.s390x.rpm\npostgresql-test-9.2.13-1.el7_1.s390x.rpm\n\nx86_64:\npostgresql-9.2.13-1.el7_1.i686.rpm\npostgresql-9.2.13-1.el7_1.x86_64.rpm\npostgresql-contrib-9.2.13-1.el7_1.x86_64.rpm\npostgresql-debuginfo-9.2.13-1.el7_1.i686.rpm\npostgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm\npostgresql-devel-9.2.13-1.el7_1.i686.rpm\npostgresql-devel-9.2.13-1.el7_1.x86_64.rpm\npostgresql-docs-9.2.13-1.el7_1.x86_64.rpm\npostgresql-libs-9.2.13-1.el7_1.i686.rpm\npostgresql-libs-9.2.13-1.el7_1.x86_64.rpm\npostgresql-plperl-9.2.13-1.el7_1.x86_64.rpm\npostgresql-plpython-9.2.13-1.el7_1.x86_64.rpm\npostgresql-pltcl-9.2.13-1.el7_1.x86_64.rpm\npostgresql-server-9.2.13-1.el7_1.x86_64.rpm\npostgresql-test-9.2.13-1.el7_1.x86
_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\npostgresql-9.2.13-1.ael7b_1.src.rpm\n\nppc64le:\npostgresql-9.2.13-1.ael7b_1.ppc64le.rpm\npostgresql-contrib-9.2.13-1.ael7b_1.ppc64le.rpm\npostgresql-debuginfo-9.2.13-1.ael7b_1.ppc64le.rpm\npostgresql-devel-9.2.13-1.ael7b_1.ppc64le.rpm\npostgresql-docs-9.2.13-1.ael7b_1.ppc64le.rpm\npostgresql-libs-9.2.13-1.ael7b_1.ppc64le.rpm\npostgresql-plperl-9.2.13-1.ael7b_1.ppc64le.rpm\npostgresql-plpython-9.2.13-1.ael7b_1.ppc64le.rpm\npostgresql-pltcl-9.2.13-1.ael7b_1.ppc64le.rpm\npostgresql-server-9.2.13-1.ael7b_1.ppc64le.rpm\npostgresql-test-9.2.13-1.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\npostgresql-debuginfo-9.2.13-1.el7_1.ppc64.rpm\npostgresql-upgrade-9.2.13-1.el7_1.ppc64.rpm\n\ns390x:\npostgresql-debuginfo-9.2.13-1.el7_1.s390x.rpm\npostgresql-upgrade-9.2.13-1.el7_1.s390x.rpm\n\nx86_64:\npostgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm\npostgresql-upgrade-9.2.13-1.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\npostgresql-debuginfo-9.2.13-1.ael7b_1.ppc64le.rpm\npostgresql-upgrade-9.2.13-1.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\npostgresql-9.2.13-1.el7_1.src.rpm\n\nx86_64:\npostgresql-9.2.13-1.el7_1.i686.rpm\npostgresql-9.2.13-1.el7_1.x86_64.rpm\npostgresql-contrib-9.2.13-1.el7_1.x86_64.rpm\npostgresql-debuginfo-9.2.13-1.el7_1.i686.rpm\npostgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm\npostgresql-devel-9.2.13-1.el7_1.i686.rpm\npostgresql-devel-9.2.13-1.el7_1.x86_64.rpm\npostgresql-docs-9.2.13-1.el7_1.x86_64.rpm\npostgresql-libs-9.2.13-1.el7_1.i686.rpm\npostgresql-libs-9.2.13-1.el7_1.x86_64.rpm\npostgresql-plperl-9.2.13-1.el7_1.x86_64.rpm\npostgresql-plpython-9.2.13-1.el7_1.x86_64.rpm\npostgresql-pltcl-9.2.13-1.el7_1.x86_64.rpm\npostgresql-server-9.2.13-1.el7_1.x86_64.rpm\npostgresql-test-9.2.13-1.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 
7):\n\nx86_64:\npostgresql-debuginfo-9.2.13-1.el7_1.x86_64.rpm\npostgresql-upgrade-9.2.13-1.el7_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-3165\nhttps://access.redhat.com/security/cve/CVE-2015-3166\nhttps://access.redhat.com/security/cve/CVE-2015-3167\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n\nAPPLE-SA-2015-09-16-4 OS X Server 5.0.3\n\nOS X Server 5.0.3 is now available and addresses the following:\n\napache\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple vulnerabilities in Apache, the most serious of\nwhich may allow a remote attacker to cause a denial of service\nDescription: Multiple vulnerabilities existed in Apache versions\nprior to 2.4.16. These issues were addressed by updating Apache to\nversion 2.4.16. \nCVE-ID\nCVE-2013-5704\nCVE-2014-3581\nCVE-2014-3583\nCVE-2014-8109\nCVE-2015-0228\nCVE-2015-0253\nCVE-2015-3183\nCVE-2015-3185\n\nBIND\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple vulnerabilities in BIND, the most severe of which\nmay allow a remote attacker to cause a denial of service\nDescription: Multiple vulnerabilities existed in BIND versions prior\nto 9.9.7. These issues were addressed by updating BIND to version\n9.9.7. 
These issues were addressed by updating PostgreSQL to\nversion 9.3.9. \nCVE-ID\nCVE-2014-0067\nCVE-2014-8161\nCVE-2015-0241\nCVE-2015-0242\nCVE-2015-0243\nCVE-2015-0244\nCVE-2015-3165\nCVE-2015-3166\nCVE-2015-3167\n\nWiki Server\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple XML security issues in Wiki Server\nDescription: Multiple XML vulnerabilities existed in Wiki Server\nbased on Twisted. This issue was addressed by removing Twisted. \nCVE-ID\nCVE-2015-5911 : Zachary Jones of WhiteHat Security Threat Research\nCenter\n\n\nOS X Server 5.0.3 may be obtained from the Mac App Store. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201507-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: PostgreSQL: Multiple vulnerabilities\n Date: July 18, 2015\n Bugs: #539018, #550172\n ID: 201507-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PostgreSQL, the worst of\nwhich could result in execution of arbitrary code or privilege\nescalation. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-db/postgresql \u003c 9.4.3 *\u003e= 9.0.21 \n *\u003e= 9.1.17 \n *\u003e= 9.2.12 \n *\u003e= 9.3.8 \n \u003e= 9.4.3 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in PostgreSQL. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, cause a Denial of Service condition or\nescalate privileges. 
\n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PostgreSQL 9.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-db/postgresql-9.0.21\"\n\nAll PostgreSQL 9.1.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-db/postgresql-9.1.17\"\n\nAll PostgreSQL 9.2.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-db/postgresql-9.2.12\"\n\nAll PostgreSQL 9.3.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-db/postgresql-9.3.8\"\n\nAll PostgreSQL 9.4.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-db/postgresql-9.4.3\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-8161\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8161\n[ 2 ] CVE-2015-0241\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0241\n[ 3 ] CVE-2015-0242\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0242\n[ 4 ] CVE-2015-0243\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0243\n[ 5 ] CVE-2015-0244\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0244\n[ 6 ] CVE-2015-3165\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3165\n[ 7 ] CVE-2015-3166\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3166\n[ 8 ] CVE-2015-3167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3167\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201507-20\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. 
\n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2015-3165" }, { "db": "JVNDB", "id": "JVNDB-2015-002844" }, { "db": "BID", "id": "74787" }, { "db": "VULHUB", "id": "VHN-81126" }, { "db": "PACKETSTORM", "id": "132502" }, { "db": "PACKETSTORM", "id": "132018" }, { "db": "PACKETSTORM", "id": "132501" }, { "db": "PACKETSTORM", "id": "132047" }, { "db": "PACKETSTORM", "id": "132499" }, { "db": "PACKETSTORM", "id": "133619" }, { "db": "PACKETSTORM", "id": "132741" } ], "trust": 2.61 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-81126", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-81126" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-3165", "trust": 3.5 }, { "db": "BID", "id": "74787", "trust": 2.0 }, { "db": "JVN", "id": "JVNVU99970459", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-002844", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201505-491", "trust": 0.7 }, { "db": "SECUNIA", "id": "64714", "trust": 0.6 }, { "db": "SECUNIA", "id": "64566", "trust": 0.6 }, { "db": "SECUNIA", "id": "64733", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "132499", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "132501", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "132018", "trust": 0.2 }, { "db": 
"PACKETSTORM", "id": "132502", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "132047", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-81126", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133619", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132741", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-81126" }, { "db": "BID", "id": "74787" }, { "db": "JVNDB", "id": "JVNDB-2015-002844" }, { "db": "PACKETSTORM", "id": "132502" }, { "db": "PACKETSTORM", "id": "132018" }, { "db": "PACKETSTORM", "id": "132501" }, { "db": "PACKETSTORM", "id": "132047" }, { "db": "PACKETSTORM", "id": "132499" }, { "db": "PACKETSTORM", "id": "133619" }, { "db": "PACKETSTORM", "id": "132741" }, { "db": "CNNVD", "id": "CNNVD-201505-491" }, { "db": "NVD", "id": "CVE-2015-3165" } ] }, "id": "VAR-201505-0062", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-81126" } ], "trust": 0.01 }, "last_update_date": "2024-01-19T19:26:48.820000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2015-09-16-4 OS X Server 5.0.3", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00004.html" }, { "title": "HT205219", "trust": 0.8, "url": "https://support.apple.com/en-us/ht205219" }, { "title": "HT205219", "trust": 0.8, "url": "http://support.apple.com/ja-jp/ht205219" }, { "title": "DSA-3269", "trust": 0.8, "url": "https://www.debian.org/security/2015/dsa-3269" }, { "title": "DSA-3270", "trust": 0.8, "url": "https://www.debian.org/security/2015/dsa-3270" }, { "title": "PostgreSQL 9.4.2, 9.3.7, 9.2.11, 9.1.16, and 9.0.20 released!", "trust": 0.8, "url": 
"http://www.postgresql.org/about/news/1587/" }, { "title": "Release 9.3.7", "trust": 0.8, "url": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html" }, { "title": "Release 9.0.20", "trust": 0.8, "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html" }, { "title": "Release 9.1.16", "trust": 0.8, "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html" }, { "title": "Release 9.4.2", "trust": 0.8, "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html" }, { "title": "Release 9.2.11", "trust": 0.8, "url": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html" }, { "title": "USN-2621-1", "trust": 0.8, "url": "http://www.ubuntu.com/usn/usn-2621-1/" }, { "title": "postgresql-9.0.20-1-windows", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55905" }, { "title": "postgresql-9.1.16-1-linux", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55909" }, { "title": "postgresql-9.2.11-1-osx", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55913" }, { "title": "postgresql-9.4.2-1-windows", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55917" }, { "title": "postgresql-9.1.16-1-windows", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55908" }, { "title": "postgresql-9.2.11-1-linux", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55912" }, { "title": "postgresql-9.3.7-1-osx", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55916" }, { "title": "postgresql-9.0.20-1-osx", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55907" }, { "title": "postgresql-9.2.11-1-windows", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55911" }, { "title": "postgresql-9.3.7-1-linux", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55915" }, { "title": "postgresql-9.4.2-1-osx", "trust": 0.6, "url": 
"http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55919" }, { "title": "postgresql-9.0.20-1-linux", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55906" }, { "title": "postgresql-9.1.16-1-osx", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55910" }, { "title": "postgresql-9.3.7-1-windows", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55914" }, { "title": "postgresql-9.4.2-1-linux", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55918" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002844" }, { "db": "CNNVD", "id": "CNNVD-201505-491" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002844" }, { "db": "NVD", "id": "CVE-2015-3165" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.postgresql.org/about/news/1587/" }, { "trust": 1.8, "url": "http://www.ubuntu.com/usn/usn-2621-1" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/74787" }, { "trust": 1.7, "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html" }, { "trust": 1.7, "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html" }, { "trust": 1.7, "url": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html" }, { "trust": 1.7, "url": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html" }, { "trust": 1.7, "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html" }, { "trust": 1.7, "url": 
"http://www.debian.org/security/2015/dsa-3269" }, { "trust": 1.7, "url": "http://www.debian.org/security/2015/dsa-3270" }, { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2015-1194.html" }, { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2015-1195.html" }, { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2015-1196.html" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/201507-20" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00004.html" }, { "trust": 1.1, "url": "https://support.apple.com/ht205219" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3165" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu99970459/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3165" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3165" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3166" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3167" }, { "trust": 0.6, "url": "http://secunia.com/advisories/64566" }, { "trust": 0.6, "url": "http://secunia.com/advisories/64714" }, { "trust": 0.6, "url": "http://secunia.com/advisories/64733" }, { "trust": 0.3, "url": "http://www.postgresql.org/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2015-3165" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960649" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2015-3167" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2015-3165" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2015-3166" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": 
"https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8161" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0242" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0241" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0243" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0244" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/postgresql-9.4/9.4.2-0ubuntu0.14.10" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.16-0ubuntu0.12.04" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/postgresql-9.3/9.3.7-0ubuntu0.14.04" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/postgresql-9.4/9.4.2-0ubuntu0.15.04" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3583" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8500" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0253" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1349" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3581" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0228" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5911" }, { "trust": 0.1, "url": 
"https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5704" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8161" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3166" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0243" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0241" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3165" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3167" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0242" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0244" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
} ], "sources": [ { "db": "VULHUB", "id": "VHN-81126" }, { "db": "BID", "id": "74787" }, { "db": "JVNDB", "id": "JVNDB-2015-002844" }, { "db": "PACKETSTORM", "id": "132502" }, { "db": "PACKETSTORM", "id": "132018" }, { "db": "PACKETSTORM", "id": "132501" }, { "db": "PACKETSTORM", "id": "132047" }, { "db": "PACKETSTORM", "id": "132499" }, { "db": "PACKETSTORM", "id": "133619" }, { "db": "PACKETSTORM", "id": "132741" }, { "db": "CNNVD", "id": "CNNVD-201505-491" }, { "db": "NVD", "id": "CVE-2015-3165" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-81126" }, { "db": "BID", "id": "74787" }, { "db": "JVNDB", "id": "JVNDB-2015-002844" }, { "db": "PACKETSTORM", "id": "132502" }, { "db": "PACKETSTORM", "id": "132018" }, { "db": "PACKETSTORM", "id": "132501" }, { "db": "PACKETSTORM", "id": "132047" }, { "db": "PACKETSTORM", "id": "132499" }, { "db": "PACKETSTORM", "id": "133619" }, { "db": "PACKETSTORM", "id": "132741" }, { "db": "CNNVD", "id": "CNNVD-201505-491" }, { "db": "NVD", "id": "CVE-2015-3165" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-05-28T00:00:00", "db": "VULHUB", "id": "VHN-81126" }, { "date": "2015-05-22T00:00:00", "db": "BID", "id": "74787" }, { "date": "2015-06-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002844" }, { "date": "2015-06-30T00:15:36", "db": "PACKETSTORM", "id": "132502" }, { "date": "2015-05-22T22:22:00", "db": "PACKETSTORM", "id": "132018" }, { "date": "2015-06-30T00:15:27", "db": "PACKETSTORM", "id": "132501" }, { "date": "2015-05-26T07:26:18", "db": "PACKETSTORM", "id": "132047" }, { "date": "2015-06-30T00:15:10", "db": "PACKETSTORM", "id": "132499" }, { "date": "2015-09-19T15:37:27", "db": "PACKETSTORM", "id": "133619" }, { "date": "2015-07-20T15:45:21", "db": "PACKETSTORM", "id": "132741" }, { 
"date": "2015-05-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201505-491" }, { "date": "2015-05-28T14:59:06.283000", "db": "NVD", "id": "CVE-2015-3165" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-81126" }, { "date": "2015-11-03T19:43:00", "db": "BID", "id": "74787" }, { "date": "2015-10-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002844" }, { "date": "2015-05-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201505-491" }, { "date": "2018-01-05T02:30:05.167000", "db": "NVD", "id": "CVE-2015-3165" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "132047" }, { "db": "CNNVD", "id": "CNNVD-201505-491" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "PostgreSQL Memory double free vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002844" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Boundary Condition Error", "sources": [ { "db": "BID", "id": "74787" } ], "trust": 0.3 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.