Updated rh-postgresql94-postgresql packages that fix three security issues are now available for Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

PostgreSQL is an advanced object-relational database management system (DBMS).

A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. (CVE-2015-3165)

It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file. (CVE-2015-3166)

It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This can help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known. (CVE-2015-3167)

Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Benkocs Norbert Attila as the original reporter of CVE-2015-3165 and Noah Misch as the original reporter of CVE-2015-3166 and CVE-2015-3167.

All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. If the rh-postgresql94-postgresql service is running, it will be automatically restarted after installing this update.

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

Red Hat Software Collections 1 for RHEL 6

SRPMS:
rh-postgresql94-postgresql-9.4.4-1.el6.src.rpm

x86_64:
rh-postgresql94-postgresql-9.4.4-1.el6.x86_64.rpm
rh-postgresql94-postgresql-contrib-9.4.4-1.el6.x86_64.rpm
rh-postgresql94-postgresql-debuginfo-9.4.4-1.el6.x86_64.rpm
rh-postgresql94-postgresql-devel-9.4.4-1.el6.x86_64.rpm
rh-postgresql94-postgresql-docs-9.4.4-1.el6.x86_64.rpm
rh-postgresql94-postgresql-libs-9.4.4-1.el6.x86_64.rpm
rh-postgresql94-postgresql-plperl-9.4.4-1.el6.x86_64.rpm
rh-postgresql94-postgresql-plpython-9.4.4-1.el6.x86_64.rpm
rh-postgresql94-postgresql-pltcl-9.4.4-1.el6.x86_64.rpm
rh-postgresql94-postgresql-server-9.4.4-1.el6.x86_64.rpm
rh-postgresql94-postgresql-test-9.4.4-1.el6.x86_64.rpm
rh-postgresql94-postgresql-upgrade-9.4.4-1.el6.x86_64.rpm
 
Red Hat Software Collections 1 for RHEL 7

SRPMS:
rh-postgresql94-postgresql-9.4.4-1.el7.src.rpm

x86_64:
rh-postgresql94-postgresql-9.4.4-1.el7.x86_64.rpm
rh-postgresql94-postgresql-contrib-9.4.4-1.el7.x86_64.rpm
rh-postgresql94-postgresql-debuginfo-9.4.4-1.el7.x86_64.rpm
rh-postgresql94-postgresql-devel-9.4.4-1.el7.x86_64.rpm
rh-postgresql94-postgresql-docs-9.4.4-1.el7.x86_64.rpm
rh-postgresql94-postgresql-libs-9.4.4-1.el7.x86_64.rpm
rh-postgresql94-postgresql-plperl-9.4.4-1.el7.x86_64.rpm
rh-postgresql94-postgresql-plpython-9.4.4-1.el7.x86_64.rpm
rh-postgresql94-postgresql-pltcl-9.4.4-1.el7.x86_64.rpm
rh-postgresql94-postgresql-server-9.4.4-1.el7.x86_64.rpm
rh-postgresql94-postgresql-test-9.4.4-1.el7.x86_64.rpm
rh-postgresql94-postgresql-upgrade-9.4.4-1.el7.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
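
To confirm that a host carries the fixed 9.4.4-1 builds listed above, the installed rh-postgresql94-postgresql packages can be compared against that version. The script below is an added example, not part of the Red Hat advisory; the sample inventory is constructed, and `sort -V` is used as an approximation of RPM's own version comparison.

```shell
#!/bin/sh
# Added example: flag rh-postgresql94-postgresql* packages older than the
# fixed build named in this advisory.

FIXED="9.4.4-1"   # version-release from the advisory, without the dist tag

# Constructed sample of what
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
# might print on a partially updated host (versions below 9.4.4 are made up).
SAMPLE='rh-postgresql94-postgresql-server 9.4.4-1.el7
rh-postgresql94-postgresql-libs 9.4.1-1.el7
rh-postgresql94-postgresql-contrib 9.4.4-1.el6
bash 4.2.46-34.el7'

# is_older A B: succeeds when A sorts strictly before B under GNU sort -V.
# Assumption: this approximates rpm's comparison for plain numeric versions
# and ignores epochs.
is_older() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# unpatched_packages: read "name version-release" lines on stdin and print
# every affected package whose build predates $FIXED.
unpatched_packages() {
    while read -r name vr; do
        case "$name" in
            rh-postgresql94-postgresql*) ;;   # package family from the advisory
            *) continue ;;                    # unrelated package, skip
        esac
        vr_nodist="${vr%.el[0-9]*}"           # drop the .el6 / .el7 dist tag
        if is_older "$vr_nodist" "$FIXED"; then
            printf '%s %s\n' "$name" "$vr"
        fi
    done
}

# Run against the constructed sample; on a live host, pipe the rpm query
# shown above into unpatched_packages instead.
printf '%s\n' "$SAMPLE" | unpatched_packages
```

Any package the function prints still needs this update; an empty result means every installed package in the family is at or above the fixed build.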
1221537 – CVE-2015-3165 postgresql: double-free after authentication timeout
1221539 – CVE-2015-3166 postgresql: unanticipated errors from the standard library
1221541 – CVE-2015-3167 postgresql: pgcrypto has multiple error messages for decryption with an incorrect key.

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
