Bug 931974 (CVE-2015-3167) - VUL-0: CVE-2015-3167: postgresql, postgresql91, postgresql94: In contrib/pgcrypto, uniformly report decryption failures
Summary: VUL-0: CVE-2015-3167: postgresql, postgresql91, postgresql94: In contrib/pgcr...
Status: RESOLVED FIXED
Alias: CVE-2015-3167
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Reinhard Max
QA Contact: Security Team bot
URL:
Whiteboard: maint:released:sle11-sp3:61971 maint:...
Keywords:
Depends on:
Blocks: 932040
  Show dependency treegraph
 
Reported: 2015-05-22 08:07 UTC by Alexander Bergmann
Modified: 2018-11-07 16:28 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Swamp Workflow Management 2015-05-22 22:00:36 UTC 
bugbot adjusting priority
Comment 3 Swamp Workflow Management 2015-06-19 22:05:49 UTC 
SUSE-SU-2015:1091-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 907651,931972,931973,931974,932040
CVE References: CVE-2015-3165,CVE-2015-3166,CVE-2015-3167
Sources used:
SUSE Manager Server (src):    postgresql91-9.1.18-0.3.1
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    postgresql91-libs-9.1.18-0.3.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    postgresql91-9.1.18-0.3.1
SUSE Linux Enterprise Server 11 SP3 (src):    postgresql91-9.1.18-0.3.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    postgresql91-9.1.18-0.3.1
Comment 4 Marcus Meissner 2015-06-22 12:30:50 UTC 
http://www.postgresql.org/support/security/

pgcrypto has multiple error messages for decryption with an incorrect key.
Comment 5 Victor Pereira 2015-06-22 15:11:28 UTC 
fixed and released
Comment 6 Swamp Workflow Management 2015-07-17 16:08:10 UTC 
SUSE-SU-2015:1264-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 931972,931973,931974
CVE References: CVE-2015-3165,CVE-2015-3166,CVE-2015-3167
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    postgresql93-libs-9.3.8-8.1
SUSE Linux Enterprise Server 12 (src):    postgresql93-9.3.8-8.1, postgresql93-libs-9.3.8-8.1
SUSE Linux Enterprise Desktop 12 (src):    postgresql93-9.3.8-8.1, postgresql93-libs-9.3.8-8.1