Bug 1221539 (CVE-2015-3166)
| Summary: | CVE-2015-3166 postgresql: unanticipated errors from the standard library | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Martin Prpič <mprpic> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | apatters, bkearney, cperry, dajohnso, databases-maint, dclarizi, devrim, ggainey, gmccullo, hhorak, jhardy, jmlich, jorton, jprause, jstanek, jvlcek, kseifried, mdshaikh, meissner, mkollar, mmaslano, obarenbo, praiskup, security-response-team, taw, tgl, thomas, tjay, xlecauch |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | postgresql 9.4.2, postgresql 9.3.7, postgresql 9.2.11, postgresql 9.1.16, postgresql 9.0.20 | Doc Type: | Bug Fix |
| Doc Text: |
It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system was in a state that would cause the standard library functions to fail (for example, memory exhaustion), an authenticated user could possibly exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-07-10 04:31:44 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1224319, 1224320, 1225794, 1225795, 1225797, 1225798, 1225799, 1232680, 1232685 | ||
| Bug Blocks: | 1221543 | ||
|
Description
Martin Prpič
2015-05-14 10:18:55 UTC
Public via: http://www.postgresql.org/about/news/1587/ All related upstream commit: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=16304a013432931e61e623c8d85e9fe24709d9ba http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=fd97bd411d1da45b79e63c2124741f8e82cc5a5c http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=0c071936e94c6859afb2ec8d2c8dddf7bcdab7ee This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2015:1196 https://rhn.redhat.com/errata/RHSA-2015-1196.html This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2015:1195 https://rhn.redhat.com/errata/RHSA-2015-1195.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2015:1194 https://rhn.redhat.com/errata/RHSA-2015-1194.html Statement: Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This flaw has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. |