Bug 931972 - (CVE-2015-3165) VUL-0: CVE-2015-3165: postgresql, postgresql91, postgresql94: Avoid possible crash when client disconnects
(CVE-2015-3165)
VUL-0: CVE-2015-3165: postgresql, postgresql91, postgresql94: Avoid possible ...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Reinhard Max
Security Team bot
maint:released:sle11-sp3:61971 maint:...
:
Depends on:
Blocks: 932040
  Show dependency treegraph
 
Reported: 2015-05-22 08:07 UTC by Alexander Bergmann
Modified: 2018-11-07 16:28 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Swamp Workflow Management 2015-05-22 22:00:14 UTC
bugbot adjusting priority
Comment 3 Swamp Workflow Management 2015-06-19 22:05:30 UTC
SUSE-SU-2015:1091-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 907651,931972,931973,931974,932040
CVE References: CVE-2015-3165,CVE-2015-3166,CVE-2015-3167
Sources used:
SUSE Manager Server (src):    postgresql91-9.1.18-0.3.1
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    postgresql91-libs-9.1.18-0.3.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    postgresql91-9.1.18-0.3.1
SUSE Linux Enterprise Server 11 SP3 (src):    postgresql91-9.1.18-0.3.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    postgresql91-9.1.18-0.3.1
Comment 4 Marcus Meissner 2015-06-22 12:28:56 UTC
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
Comment 5 Victor Pereira 2015-06-22 15:10:21 UTC
fixed and released
Comment 6 Swamp Workflow Management 2015-07-17 16:07:49 UTC
SUSE-SU-2015:1264-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 931972,931973,931974
CVE References: CVE-2015-3165,CVE-2015-3166,CVE-2015-3167
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    postgresql93-libs-9.3.8-8.1
SUSE Linux Enterprise Server 12 (src):    postgresql93-9.3.8-8.1, postgresql93-libs-9.3.8-8.1
SUSE Linux Enterprise Desktop 12 (src):    postgresql93-9.3.8-8.1, postgresql93-libs-9.3.8-8.1