Wind River Support Network

Description

The PostgreSQL project reports the following issue:

pgcrypto functions usually reported "Wrong key or corrupt data" upon decrypting with an incorrect key, but several other messages were possible when the errant decryption output resembled an OpenPGP packet header. Error message variance in other systems has enabled cryptologic attacks; see RFC 4880 section "14. Security Considerations". Whether these pgcrypto behaviors are likewise exploitable is unknown.

This flaw is fixed in upstream versions 9.4.2, 9.3.7, 9.2.11, 9.1.16, and 9.0.20 of PostgreSQL.

Acknowledgements:

Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Noah Misch as the original reporter.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3167

Other Downloads

• Wind River Linux 7.0.0.14
• Wind River Linux 7.0.0.15
• Wind River Linux 7.0.0.16
• Wind River Linux 7.0.0.17
• Wind River Linux 7.0.0.18
• Wind River Linux 7.0.0.19
• Wind River Linux 7.0.0.20
• Wind River Linux 7.0.0.21
• Wind River Linux 7.0.0.22
• Wind River Linux 7.0.0.23
• Wind River Linux 7.0.0.24
• Wind River Linux 7.0.0.25
• Wind River Linux 7.0.0.26
• Wind River Linux 7.0.0.27
• Wind River Linux 7.0.0.28
• Wind River Linux 7.0.0.29
• Wind River Linux 7.0.0.30
• Wind River Linux 7.0.0.31

CVEs

• CVE-2015-3167