PublicDateAtUSN: 2015-05-22
Candidate: CVE-2015-3167
PublicDate: 2019-11-20 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3167
 http://www.postgresql.org/about/news/1587/
 https://ubuntu.com/security/notices/USN-2621-1
Description:
 contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x
 before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different
 error responses when an incorrect key is used, which makes it easier for
 attackers to obtain the key via a brute force attack.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/wily/+source/postgresql-9.4/+bug/1457093
Priority: medium
Discovered-by: Noah Misch
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_postgresql-9.4:
upstream_postgresql-9.4: released (9.4.2)
precise_postgresql-9.4: DNE
precise/esm_postgresql-9.4: DNE
trusty_postgresql-9.4: DNE
trusty/esm_postgresql-9.4: DNE
utopic_postgresql-9.4: released (9.4.2-0ubuntu0.14.10)
vivid_postgresql-9.4: released (9.4.2-0ubuntu0.15.04)
vivid/stable-phone-overlay_postgresql-9.4: DNE
vivid/ubuntu-core_postgresql-9.4: DNE
wily_postgresql-9.4: released (9.4.2-1)
xenial_postgresql-9.4: DNE
yakkety_postgresql-9.4: DNE
zesty_postgresql-9.4: DNE
devel_postgresql-9.4: DNE

Patches_postgresql-9.3:
upstream_postgresql-9.3: released (9.3.7)
precise_postgresql-9.3: DNE
precise/esm_postgresql-9.3: DNE
trusty_postgresql-9.3: released (9.3.7-0ubuntu0.14.04)
trusty/esm_postgresql-9.3: released (9.3.7-0ubuntu0.14.04)
utopic_postgresql-9.3: DNE
vivid_postgresql-9.3: DNE
vivid/stable-phone-overlay_postgresql-9.3: DNE
vivid/ubuntu-core_postgresql-9.3: DNE
wily_postgresql-9.3: DNE
xenial_postgresql-9.3: DNE
yakkety_postgresql-9.3: DNE
zesty_postgresql-9.3: DNE
devel_postgresql-9.3: DNE

Patches_postgresql-9.1:
upstream_postgresql-9.1: released (9.1.16)
precise_postgresql-9.1: released (9.1.16-0ubuntu0.12.04)
precise/esm_postgresql-9.1: released (9.1.16-0ubuntu0.12.04)
trusty_postgresql-9.1: released (9.1.16-0ubuntu0.14.04)
trusty/esm_postgresql-9.1: DNE (trusty was released [9.1.16-0ubuntu0.14.04])
utopic_postgresql-9.1: DNE
vivid_postgresql-9.1: DNE
vivid/stable-phone-overlay_postgresql-9.1: DNE
vivid/ubuntu-core_postgresql-9.1: DNE
wily_postgresql-9.1: DNE
xenial_postgresql-9.1: DNE
yakkety_postgresql-9.1: DNE
zesty_postgresql-9.1: DNE
devel_postgresql-9.1: DNE

Patches_postgresql-8.4:
upstream_postgresql-8.4: needs-triage
precise_postgresql-8.4: ignored (reached end-of-life)
precise/esm_postgresql-8.4: DNE (precise was needs-triage)
trusty_postgresql-8.4: DNE
trusty/esm_postgresql-8.4: DNE
utopic_postgresql-8.4: DNE
vivid_postgresql-8.4: DNE
vivid/stable-phone-overlay_postgresql-8.4: DNE
vivid/ubuntu-core_postgresql-8.4: DNE
wily_postgresql-8.4: DNE
xenial_postgresql-8.4: DNE
yakkety_postgresql-8.4: DNE
zesty_postgresql-8.4: DNE
devel_postgresql-8.4: DNE