Bug 1221541 (CVE-2015-3167)
Summary: | CVE-2015-3167 postgresql: pgcrypto has multiple error messages for decryption with an incorrect key. | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Martin Prpič <mprpic> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | apatters, bkearney, cperry, dajohnso, databases-maint, dclarizi, devrim, ggainey, gmccullo, hhorak, jhardy, jmlich, jorton, jprause, jrusnack, jstanek, jvlcek, kseifried, mdshaikh, meissner, mkollar, mmaslano, obarenbo, praiskup, security-response-team, taw, tgl, thomas, tjay, xlecauch |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | postgresql 9.4.2, postgresql 9.3.7, postgresql 9.2.11, postgresql 9.1.16, postgresql 9.0.20 | Doc Type: | Bug Fix |
Doc Text: |
It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This could potentially help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-07-10 04:31:49 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1224319, 1224320, 1225794, 1225795, 1225797, 1225798, 1225799, 1232680, 1232685 | ||
Bug Blocks: | 1221543 |
Description
Martin Prpič
2015-05-14 10:21:49 UTC
Public via: http://www.postgresql.org/about/news/1587/ This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2015:1196 https://rhn.redhat.com/errata/RHSA-2015-1196.html This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2015:1195 https://rhn.redhat.com/errata/RHSA-2015-1195.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2015:1194 https://rhn.redhat.com/errata/RHSA-2015-1194.html Statement: Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This flaw has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. |