Overview

File _patchinfo of Package patchinfo.712

<patchinfo incident="712">
  <issue id="931972" tracker="bnc">VUL-0: CVE-2015-3165: postgresql, postgresql91, postgresql94: Avoid possible crash when client disconnects</issue>
  <issue id="931973" tracker="bnc">VUL-0: CVE-2015-3166: postgresql, postgresql91, postgresql94: Consistently check for failure of the *printf()</issue>
  <issue id="931974" tracker="bnc">VUL-0: CVE-2015-3167: postgresql, postgresql91, postgresql94: In contrib/pgcrypto, uniformly report decryption failures</issue>
  <issue id="CVE-2015-3165" tracker="cve" />
  <issue id="CVE-2015-3166" tracker="cve" />
  <issue id="CVE-2015-3167" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>rmax</packager>
  <description>
PostgreSQL was updated to the security and bugfix release 9.3.8 including 9.3.7.

Security issues fixed:

* CVE-2015-3165, bsc#931972: Avoid possible crash when client disconnects just before the authentication timeout expires.
* CVE-2015-3166, bsc#931973: Consistently check for failure of the printf() family of functions.
* CVE-2015-3167, bsc#931974: In contrib/pgcrypto, uniformly report decryption failures as "Wrong key or corrupt data"

Bugs fixed:

* Protect against wraparound of multixact member IDs.
* Avoid failures while fsync'ing data directory during crash restart.
* Fix pg_get_functiondef() to show functions' LEAKPROOF property, if set.
* Allow libpq to use TLS protocol versions beyond v1.

- For the full release notes, see the following two URLs
  http://www.postgresql.org/docs/9.3/static/release-9-3-8.html
  http://www.postgresql.org/docs/9.3/static/release-9-3-7.html
</description>
  <summary>Security update for postgresql93</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places