Updated postgresql92-postgresql packages that fix three security issues are now available for Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

PostgreSQL is an advanced object-relational database management system (DBMS).

A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. (CVE-2015-3165)

It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file. (CVE-2015-3166)

It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This can help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known. (CVE-2015-3167)

Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Benkocs Norbert Attila as the original reporter of CVE-2015-3165 and Noah Misch as the original reporter of CVE-2015-3166 and CVE-2015-3167.

All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. If the postgresql92-postgresql service is running, it will be automatically restarted after installing this update.
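The error-message issue in CVE-2015-3167 belongs to a general class: a decryption routine that reports which validation step failed tells the caller something about the plaintext under the key it supplied. The following C code is an added illustration, not pgcrypto or PostgreSQL code; the toy XOR format and every function and error name in it are assumptions made for the example. It places a routine with distinguishable failures beside one that folds all checks into a single failure code.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy format, constructed for this example (not pgcrypto's):
 * plaintext = [0xA5 magic][payload...][sum of payload mod 256];
 * key[0] XORs the magic byte, key[1] XORs every other byte. */
enum { DEC_OK = 0, ERR_SHORT = -1, ERR_MAGIC = -2, ERR_SUM = -3,
       ERR_WRONG_KEY_OR_CORRUPT = -100 };

/* out must hold len + 2 bytes; returns the ciphertext length. */
size_t toy_encrypt(const uint8_t *msg, size_t len, const uint8_t key[2],
                   uint8_t *out) {
    uint8_t sum = 0;
    out[0] = (uint8_t)(0xA5 ^ key[0]);
    for (size_t i = 0; i < len; i++) {
        sum = (uint8_t)(sum + msg[i]);
        out[1 + i] = (uint8_t)(msg[i] ^ key[1]);
    }
    out[1 + len] = (uint8_t)(sum ^ key[1]);
    return len + 2;
}

/* Stored checksum XOR recomputed checksum; 0 means they match. */
static uint8_t sum_diff(const uint8_t *ct, size_t n, const uint8_t key[2]) {
    uint8_t sum = 0;
    for (size_t i = 1; i + 1 < n; i++)
        sum = (uint8_t)(sum + (ct[i] ^ key[1]));
    return (uint8_t)(ct[n - 1] ^ key[1] ^ sum);
}

/* Leaky: the return code reveals which check failed, so the caller can
 * tell a key with a correct first byte apart from a fully wrong key. */
int decrypt_check_leaky(const uint8_t *ct, size_t n, const uint8_t key[2]) {
    if (n < 2) return ERR_SHORT;
    if ((uint8_t)(ct[0] ^ key[0]) != 0xA5) return ERR_MAGIC;
    if (sum_diff(ct, n, key) != 0) return ERR_SUM;
    return DEC_OK;
}

/* Uniform: run every check, fold the results, report one failure code. */
int decrypt_check_uniform(const uint8_t *ct, size_t n, const uint8_t key[2]) {
    if (n < 2) return ERR_WRONG_KEY_OR_CORRUPT;
    uint8_t bad = (uint8_t)(ct[0] ^ key[0] ^ 0xA5);
    bad |= sum_diff(ct, n, key);
    return bad ? ERR_WRONG_KEY_OR_CORRUPT : DEC_OK;
}
```

When reviewing code of this kind, the check is that every decryption failure path reaches the caller as the same message and code, with the detailed reason kept out of anything the caller can observe.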
Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Red Hat Software Collections 1 for RHEL 6

SRPMS:
postgresql92-postgresql-9.2.13-1.el6.src.rpm
 
x86_64:
postgresql92-postgresql-9.2.13-1.el6.x86_64.rpm
postgresql92-postgresql-contrib-9.2.13-1.el6.x86_64.rpm
postgresql92-postgresql-debuginfo-9.2.13-1.el6.x86_64.rpm
postgresql92-postgresql-devel-9.2.13-1.el6.x86_64.rpm
postgresql92-postgresql-docs-9.2.13-1.el6.x86_64.rpm
postgresql92-postgresql-libs-9.2.13-1.el6.x86_64.rpm
postgresql92-postgresql-plperl-9.2.13-1.el6.x86_64.rpm
postgresql92-postgresql-plpython-9.2.13-1.el6.x86_64.rpm
postgresql92-postgresql-pltcl-9.2.13-1.el6.x86_64.rpm
postgresql92-postgresql-server-9.2.13-1.el6.x86_64.rpm
postgresql92-postgresql-test-9.2.13-1.el6.x86_64.rpm
postgresql92-postgresql-upgrade-9.2.13-1.el6.x86_64.rpm
 
Red Hat Software Collections 1 for RHEL 7

SRPMS:
postgresql92-postgresql-9.2.13-1.el7.src.rpm
 
x86_64:
postgresql92-postgresql-9.2.13-1.el7.x86_64.rpm
postgresql92-postgresql-contrib-9.2.13-1.el7.x86_64.rpm
postgresql92-postgresql-debuginfo-9.2.13-1.el7.x86_64.rpm
postgresql92-postgresql-devel-9.2.13-1.el7.x86_64.rpm
postgresql92-postgresql-docs-9.2.13-1.el7.x86_64.rpm
postgresql92-postgresql-libs-9.2.13-1.el7.x86_64.rpm
postgresql92-postgresql-plperl-9.2.13-1.el7.x86_64.rpm
postgresql92-postgresql-plpython-9.2.13-1.el7.x86_64.rpm
postgresql92-postgresql-pltcl-9.2.13-1.el7.x86_64.rpm
postgresql92-postgresql-server-9.2.13-1.el7.x86_64.rpm
postgresql92-postgresql-test-9.2.13-1.el7.x86_64.rpm
postgresql92-postgresql-upgrade-9.2.13-1.el7.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
1221537 – CVE-2015-3165 postgresql: double-free after authentication timeout
1221539 – CVE-2015-3166 postgresql: unanticipated errors from the standard library
1221541 – CVE-2015-3167 postgresql: pgcrypto has multiple error messages for decryption with an incorrect key.

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
