Bug 1221537 (CVE-2015-3165)
| Summary: | CVE-2015-3165 postgresql: double-free after authentication timeout | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Martin Prpič <mprpic> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | apatters, bkearney, cperry, dajohnso, databases-maint, dclarizi, devrim, ggainey, gmccullo, hhorak, jhardy, jmlich, jorton, jprause, jstanek, jvlcek, kseifried, mdshaikh, meissner, mkollar, mmaslano, mprpic, obarenbo, praiskup, security-response-team, taw, tgl, thomas, tjay, xlecauch |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | postgresql 9.4.2, postgresql 9.3.7, postgresql 9.2.11, postgresql 9.1.16, postgresql 9.0.20 | Doc Type: | Bug Fix |
| Doc Text: |
A double-free flaw was found in the way PostgreSQL handled connections. An unauthenticated attacker could possibly exploit this flaw to crash the PostgreSQL backend by disconnecting at approximately the same time as the authentication time out was triggered.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-07-10 04:31:40 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1224319, 1224320, 1225794, 1225795, 1225797, 1225798, 1225799, 1232680, 1232685 | ||
| Bug Blocks: | 1221543 | ||
|
Description
Martin Prpič
2015-05-14 10:12:41 UTC
Public via: http://www.postgresql.org/about/news/1587/ Please note that PostgreSQL community is releasing new versions on 4th of July which fixes a critical startup issue, and also there is another release pending next week to fix data corruption issues. (In reply to Devrim GÜNDÜZ from comment #8) > Please note that PostgreSQL community is releasing new versions on 4th of > July which fixes a critical startup issue, and also there is another release > pending next week to fix data corruption issues. Sorry, I meant June. This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2015:1196 https://rhn.redhat.com/errata/RHSA-2015-1196.html This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2015:1195 https://rhn.redhat.com/errata/RHSA-2015-1195.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2015:1194 https://rhn.redhat.com/errata/RHSA-2015-1194.html Statement: Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This flaw has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. |