Bug 931972 – VUL-0: CVE-2015-3165: postgresql, postgresql91, postgresql94: Avoid possible crash when client disconnects

Bug 931972 - (CVE-2015-3165) VUL-0: CVE-2015-3165: postgresql, postgresql91, postgresql94: Avoid possible crash when client disconnects

(CVE-2015-3165)
Summary:	VUL-0: CVE-2015-3165: postgresql, postgresql91, postgresql94: Avoid possible ...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Reinhard Max
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:sle11-sp3:61971 maint:...
Keywords:

Depends on:
Blocks:	932040
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2015-05-22 08:07 UTC by Alexander Bergmann
Modified:	2018-11-07 16:28 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 1 Swamp Workflow Management 2015-05-22 22:00:14 UTC

bugbot adjusting priority

Comment 3 Swamp Workflow Management 2015-06-19 22:05:30 UTC

SUSE-SU-2015:1091-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 907651,931972,931973,931974,932040
CVE References: CVE-2015-3165,CVE-2015-3166,CVE-2015-3167
Sources used:
SUSE Manager Server (src):    postgresql91-9.1.18-0.3.1
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    postgresql91-libs-9.1.18-0.3.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    postgresql91-9.1.18-0.3.1
SUSE Linux Enterprise Server 11 SP3 (src):    postgresql91-9.1.18-0.3.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    postgresql91-9.1.18-0.3.1

Comment 4 Marcus Meissner 2015-06-22 12:28:56 UTC

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.

Comment 5 Victor Pereira 2015-06-22 15:10:21 UTC

fixed and released

Comment 6 Swamp Workflow Management 2015-07-17 16:07:49 UTC

SUSE-SU-2015:1264-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 931972,931973,931974
CVE References: CVE-2015-3165,CVE-2015-3166,CVE-2015-3167
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    postgresql93-libs-9.3.8-8.1
SUSE Linux Enterprise Server 12 (src):    postgresql93-9.3.8-8.1, postgresql93-libs-9.3.8-8.1
SUSE Linux Enterprise Desktop 12 (src):    postgresql93-9.3.8-8.1, postgresql93-libs-9.3.8-8.1