PublicDateAtUSN: 2015-05-22
Candidate: CVE-2015-3165
PublicDate: 2015-05-28 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3165
 http://www.postgresql.org/about/news/1587/
 https://ubuntu.com/security/notices/USN-2621-1
Description:
 Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/wily/+source/postgresql-9.4/+bug/1457093
Priority: medium
Discovered-by: Benkocs Norbert Attila
Assigned-to: mdeslaur
CVSS:

Patches_postgresql-9.4:
upstream_postgresql-9.4: released (9.4.2)
precise_postgresql-9.4: DNE
precise/esm_postgresql-9.4: DNE
trusty_postgresql-9.4: DNE
trusty/esm_postgresql-9.4: DNE
utopic_postgresql-9.4: released (9.4.2-0ubuntu0.14.10)
vivid_postgresql-9.4: released (9.4.2-0ubuntu0.15.04)
vivid/stable-phone-overlay_postgresql-9.4: DNE
vivid/ubuntu-core_postgresql-9.4: DNE
wily_postgresql-9.4: released (9.4.2-1)
xenial_postgresql-9.4: DNE
yakkety_postgresql-9.4: DNE
zesty_postgresql-9.4: DNE
devel_postgresql-9.4: DNE

Patches_postgresql-9.3:
upstream_postgresql-9.3: released (9.3.7)
precise_postgresql-9.3: DNE
precise/esm_postgresql-9.3: DNE
trusty_postgresql-9.3: released (9.3.7-0ubuntu0.14.04)
trusty/esm_postgresql-9.3: released (9.3.7-0ubuntu0.14.04)
utopic_postgresql-9.3: DNE
vivid_postgresql-9.3: DNE
vivid/stable-phone-overlay_postgresql-9.3: DNE
vivid/ubuntu-core_postgresql-9.3: DNE
wily_postgresql-9.3: DNE
xenial_postgresql-9.3: DNE
yakkety_postgresql-9.3: DNE
zesty_postgresql-9.3: DNE
devel_postgresql-9.3: DNE

Patches_postgresql-9.1:
upstream_postgresql-9.1: released (9.1.16)
precise_postgresql-9.1: released (9.1.16-0ubuntu0.12.04)
precise/esm_postgresql-9.1: released (9.1.16-0ubuntu0.12.04)
trusty_postgresql-9.1: released (9.1.16-0ubuntu0.14.04)
trusty/esm_postgresql-9.1: DNE (trusty was released [9.1.16-0ubuntu0.14.04])
utopic_postgresql-9.1: DNE
vivid_postgresql-9.1: DNE
vivid/stable-phone-overlay_postgresql-9.1: DNE
vivid/ubuntu-core_postgresql-9.1: DNE
wily_postgresql-9.1: DNE
xenial_postgresql-9.1: DNE
yakkety_postgresql-9.1: DNE
zesty_postgresql-9.1: DNE
devel_postgresql-9.1: DNE

Patches_postgresql-8.4:
upstream_postgresql-8.4: needs-triage
precise_postgresql-8.4: ignored (reached end-of-life)
precise/esm_postgresql-8.4: DNE (precise was needs-triage)
trusty_postgresql-8.4: DNE
trusty/esm_postgresql-8.4: DNE
utopic_postgresql-8.4: DNE
vivid_postgresql-8.4: DNE
vivid/stable-phone-overlay_postgresql-8.4: DNE
vivid/ubuntu-core_postgresql-8.4: DNE
wily_postgresql-8.4: DNE
xenial_postgresql-8.4: DNE
yakkety_postgresql-8.4: DNE
zesty_postgresql-8.4: DNE
devel_postgresql-8.4: DNE