* New upstream security/bug fix release (LP: #1457093)
- Improve detection of system-call failures
Our replacement implementation of snprintf() failed to check for errors
reported by the underlying system library calls; the main case that
might be missed is out-of-memory situations. In the worst case this
might lead to information exposure, due to our code assuming that a
buffer had been overwritten when it hadn't been. Also, there were a few
places in which security-relevant calls of other system library
functions did not check for failure.
It remains possible that some calls of the *printf() family of functions
are vulnerable to information disclosure if an out-of-memory error
occurs at just the wrong time. We judge the risk to not be large, but
will continue analysis in this area. (CVE-2015-3166)
- Note: The other vulnerabilities fixed in 9.1.16 don't affect this version
as we build the PL/Perl package only.
-- Martin Pitt <email address hidden> Wed, 20 May 2015 23:16:18 +0200
This bug was fixed in the package postgresql-9.1 - 9.1.16-0ubuntu0.14.04
---------------
postgresql-9.1 (9.1.16-0ubuntu0.14.04) trusty-security; urgency=medium
* New upstream security/bug fix release (LP: #1457093)
- Improve detection of system-call failures
Our replacement implementation of snprintf() failed to check for errors
reported by the underlying system library calls; the main case that
might be missed is out-of-memory situations. In the worst case this
might lead to information exposure, due to our code assuming that a
buffer had been overwritten when it hadn't been. Also, there were a few
places in which security-relevant calls of other system library
functions did not check for failure.
It remains possible that some calls of the *printf() family of functions
are vulnerable to information disclosure if an out-of-memory error
occurs at just the wrong time. We judge the risk to not be large, but
will continue analysis in this area. (CVE-2015-3166)
- Note: The other vulnerabilities fixed in 9.1.16 don't affect this version
as we build the PL/Perl package only.
-- Martin Pitt <email address hidden> Wed, 20 May 2015 23:16:18 +0200
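
The failure mode described in the changelog (a formatting call fails, the caller assumes the buffer was overwritten, and stale contents remain in it) is shown below as an added example; it is not PostgreSQL's code. The names `vfmt_fn`, `failing_vfmt`, `format_unchecked`, `format_checked` and `stale_after_failure` are hypothetical, and the failing formatter is a constructed stand-in for an out-of-memory error.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Same signature as vsnprintf(), so a failing formatter can be injected. */
typedef int (*vfmt_fn)(char *, size_t, const char *, va_list);

/* Constructed stand-in: reports an error and leaves the buffer untouched. */
static int failing_vfmt(char *dst, size_t n, const char *fmt, va_list ap)
{
    (void)dst; (void)n; (void)fmt; (void)ap;
    return -1;
}

/* "Before": result ignored, caller assumes buf now holds the new text. */
static void format_unchecked(vfmt_fn f, char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    f(buf, n, fmt, ap);
    va_end(ap);
}

/* "After": 0 on success, -1 on error or truncation; the buffer is wiped
 * on failure so no earlier contents can be sent on by the caller. */
static int format_checked(vfmt_fn f, char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    int r;
    va_start(ap, fmt);
    r = f(buf, n, fmt, ap);
    va_end(ap);
    if (r < 0 || (size_t)r >= n) {
        memset(buf, 0, n);
        return -1;
    }
    return 0;
}

/* Returns 1 if stale bytes are still in the buffer after a failed format. */
static int stale_after_failure(int use_checked)
{
    char buf[32] = "previous-session-secret"; /* constructed stale contents */
    if (use_checked)
        format_checked(failing_vfmt, buf, sizeof buf, "user=%s", "alice");
    else
        format_unchecked(failing_vfmt, buf, sizeof buf, "user=%s", "alice");
    return strstr(buf, "secret") != NULL;
}
```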