[ubuntu/trusty-updates] postgresql-9.1 9.1.16-0ubuntu0.14.04 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon May 25 11:58:38 UTC 2015
postgresql-9.1 (9.1.16-0ubuntu0.14.04) trusty-security; urgency=medium
* New upstream security/bug fix release (LP: #1457093)
- Improve detection of system-call failures
Our replacement implementation of snprintf() failed to check for errors
reported by the underlying system library calls; the main case that
might be missed is out-of-memory situations. In the worst case this
might lead to information exposure, due to our code assuming that a
buffer had been overwritten when it hadn't been. Also, there were a few
places in which security-relevant calls of other system library
functions did not check for failure.
It remains possible that some calls of the *printf() family of functions
are vulnerable to information disclosure if an out-of-memory error
occurs at just the wrong time. We judge the risk to not be large, but
will continue analysis in this area. (CVE-2015-3166)
- Note: The other vulnerabilities fixed in 9.1.16 don't affect this version
as we build the PL/Perl package only.
Date: 2015-05-22 14:38:23.476369+00:00
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.16-0ubuntu0.14.04
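The failure mode the changelog describes, as an added illustration in C. This is not PostgreSQL's snprintf.c and not the patched code; it is a hypothetical replacement snprintf built on a formatting engine that can fail with ENOMEM. The unchecked wrapper never looks at the engine's result and measures the buffer as if it now held fresh output, so the caller transmits whatever the buffer previously contained; the checked wrapper propagates the failure and blanks the buffer. The engine, the inject_oom switch, the stale "password=hunter2" contents and the run_scenario() helper are all constructed for this example.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Fault-injection flag standing in for an out-of-memory failure inside the
 * formatting engine (constructed for this example). */
static int inject_oom = 0;

/* Underlying engine: like the system library calls the changelog refers to,
 * it signals failure with a negative return and leaves buf untouched. */
static int engine_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
    if (inject_oom) {
        errno = ENOMEM;
        return -1;                       /* nothing written to buf */
    }
    return vsnprintf(buf, size, fmt, ap);
}

/* Vulnerable wrapper: ignores the engine's result and measures the buffer as
 * if it now held fresh output. Whatever was there before becomes the
 * "formatted" string. */
static int snprintf_unchecked(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    engine_vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    return (int)strlen(buf);             /* assumes buf was overwritten */
}

/* Hardened wrapper: propagates failure and leaves buf safe to use even if a
 * careless caller ignores the return value. */
static int snprintf_checked(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = engine_vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0) {
        if (size > 0)
            buf[0] = '\0';               /* never hand back stale bytes */
        return -1;
    }
    return n;
}

/* Message buffer that earlier held a credential (constructed sample data). */
static char msgbuf[64];

/* Builds a greeting and "sends" it to the peer. Returns the text that went
 * out, or NULL when the checked path refused because formatting failed. */
const char *run_scenario(int use_checked, int oom)
{
    /* A previous use of the same buffer left a secret behind. */
    snprintf(msgbuf, sizeof msgbuf, "password=hunter2");

    inject_oom = oom;
    if (use_checked) {
        if (snprintf_checked(msgbuf, sizeof msgbuf, "Hello, %s", "alice") < 0) {
            inject_oom = 0;
            return NULL;                 /* report the error, send nothing */
        }
    } else {
        snprintf_unchecked(msgbuf, sizeof msgbuf, "Hello, %s", "alice");
    }
    inject_oom = 0;
    return msgbuf;                       /* transmitted to the peer */
}

int main(void)
{
    const char *s;
    s = run_scenario(0, 1);
    printf("unchecked + OOM : sent \"%s\"\n", s);
    s = run_scenario(1, 1);
    printf("checked   + OOM : %s\n", s ? s : "(refused, nothing sent)");
    s = run_scenario(1, 0);
    printf("checked   + ok  : sent \"%s\"\n", s);
    return 0;
}
```

With the fault injected, the unchecked path sends "password=hunter2" to the peer, which is the information exposure the changelog warns about; the checked path returns an error and the buffer holds an empty string. Blanking the buffer on failure matters because, as the changelog itself notes, some callers of the *printf() family may still not check the return value, and a cleared buffer cannot leak stale bytes even then.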