Packages
- postgresql-9.1 - Object-relational SQL database
- postgresql-9.3 - Object-relational SQL database
- postgresql-9.4 - Object-relational SQL database
Details
Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled
authentication timeouts. A remote attacker could use this flaw to cause the
unauthenticated session to crash, possibly leading to a security issue.
(CVE-2015-3165)
Noah Misch discovered that PostgreSQL incorrectly handled certain standard
library function return values, possibly leading to security issues.
(CVE-2015-3166)
Noah Misch discovered that the pgcrypto function could return different
error messages when decrypting using an incorrect key, possibly leading to
a security issue. (CVE-2015-3167)
Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled
authentication timeouts. A remote attacker could use this flaw to cause the
unauthenticated session to crash, possibly leading to a security issue.
(CVE-2015-3165)
Noah Misch discovered that PostgreSQL incorrectly handled certain standard
library function return values, possibly leading to security issues.
(CVE-2015-3166)
Noah Misch discovered that the pgcrypto function could return different
error messages when decrypting using an incorrect key, possibly leading to
a security issue. (CVE-2015-3167)
Update instructions
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 15.04 vivid | postgresql-9.4 – 9.4.2-0ubuntu0.15.04 | ||
| 14.10 utopic | postgresql-9.4 – 9.4.2-0ubuntu0.14.10 | ||
| 14.04 trusty | postgresql-9.3 – 9.3.7-0ubuntu0.14.04 | ||
| 12.04 precise | postgresql-9.1 – 9.1.16-0ubuntu0.12.04 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.