Wind River Support Network

HomeDefectsLIN7-3985
Fixed

LIN7-3985 : Security Advisory - postgresql - CVE-2015-3167

Created: Jun 9, 2015    Updated: Sep 8, 2018
Resolved Date: Jul 9, 2015
Previous ID: LIN4-32717
Found In Version: 7.0.0.5
Fix Version: 7.0.0.8
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace

Description

The PostgreSQL project reports the following issue:

pgcrypto functions usually reported "Wrong key or corrupt data" upon decrypting with an incorrect key, but several other messages were possible when the errant decryption output resembled an OpenPGP packet header. Error message variance in other systems has enabled cryptologic attacks; see RFC 4880 section "14. Security Considerations". Whether these pgcrypto behaviors are likewise exploitable is unknown.

This flaw is fixed in upstream versions 9.4.2, 9.3.7, 9.2.11, 9.1.16, and 9.0.20 of PostgreSQL.

Acknowledgements:

Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Noah Misch as the original reporter.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3167

Other Downloads


CVEs


Live chat
Online