This bug was fixed in the package postgresql-9.1 - 9.1.16-0ubuntu0.14.04

---------------
postgresql-9.1 (9.1.16-0ubuntu0.14.04) trusty-security; urgency=medium

  * New upstream security/bug fix release (LP: #1457093)
    - Improve detection of system-call failures
      Our replacement implementation of snprintf() failed to check for errors
      reported by the underlying system library calls; the main case that
      might be missed is out-of-memory situations. In the worst case this
      might lead to information exposure, due to our code assuming that a
      buffer had been overwritten when it hadn't been. Also, there were a few
      places in which security-relevant calls of other system library
      functions did not check for failure.
      It remains possible that some calls of the *printf() family of functions
      are vulnerable to information disclosure if an out-of-memory error
      occurs at just the wrong time.  We judge the risk to not be large, but
      will continue analysis in this area. (CVE-2015-3166)
    - Note: The other vulnerabilities fixed in 9.1.16 don't affect this version
      as we build the PL/Perl package only.

 -- Martin Pitt <[email protected]>  Wed, 20 May 2015 23:16:18 +0200

** Changed in: postgresql-9.1 (Ubuntu Trusty)
       Status: In Progress => Fix Released

** Changed in: postgresql-9.1 (Ubuntu Precise)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1457093

Title:
  New upstream microreleases 9.1.16, 9.3.7, 9.4.2

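
An illustration of the failure mode the changelog describes (a caller assuming a buffer was overwritten when the formatting call had failed), added here and not taken from PostgreSQL or the Ubuntu package. fmt_into(), its fail flag, and the render_* functions are hypothetical stand-ins; the stale buffer contents are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical formatter: with fail set it returns -1 and leaves buf
 * untouched, standing in for a library call that hits out-of-memory. */
static int fmt_into(char *buf, size_t size, int fail, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (fail)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    return n;
}

/* Before: result ignored, so on failure out receives buf's old contents. */
static void render_unchecked(char *buf, size_t size, int fail,
                             const char *user, char *out, size_t outsize)
{
    (void) fmt_into(buf, size, fail, "hello %s", user);
    snprintf(out, outsize, "%s", buf);
}

/* After: failure or truncation clears the stale buffer and copies nothing.
 * Returns 0 on success, -1 on error. */
static int render_checked(char *buf, size_t size, int fail,
                          const char *user, char *out, size_t outsize)
{
    int n = fmt_into(buf, size, fail, "hello %s", user);

    out[0] = '\0';
    if (n < 0 || (size_t) n >= size) {
        memset(buf, 0, size);
        return -1;
    }
    snprintf(out, outsize, "%s", buf);
    return 0;
}

int main(void)
{
    char buf[32] = "secret-token", out[32]; /* constructed stale data */
    int rc;

    render_unchecked(buf, sizeof buf, 1, "bob", out, sizeof out);
    printf("unchecked: \"%s\"\n", out);
    rc = render_checked(buf, sizeof buf, 1, "bob", out, sizeof out);
    printf("checked:   rc=%d out=\"%s\"\n", rc, out);
    return 0;
}
```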