Wind River Support Network


LIN6-9978 : Security Advisory - postgresql - CVE-2015-3167

Created: Jun 9, 2015    Updated: Dec 3, 2018
Resolved Date: Jul 8, 2015
Previous ID: LIN4-32716
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace


The PostgreSQL project reports the following issue:

pgcrypto functions usually reported "Wrong key or corrupt data" upon decrypting with an incorrect key, but several other messages were possible when the errant decryption output resembled an OpenPGP packet header. Error message variance in other systems has enabled cryptologic attacks; see RFC 4880 section "14. Security Considerations". Whether these pgcrypto behaviors are likewise exploitable is unknown.

This flaw is fixed in upstream versions 9.4.2, 9.3.7, 9.2.11, 9.1.16, and 9.0.20 of PostgreSQL.


Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Noah Misch as the original reporter.

Other Downloads

Live chat