Errata ID | 373 |
---|---|
Date | 2015-10-14 |
Source package | postgresql-8.4 |
Fixed in version | 8.4.22lts4-0.26.201509171802 |
Description | This update addresses the following issues:<br>* Denial of service due to double-free after authentication timeout (CVE-2015-3165)<br>* Information disclosure due to missing checks of return codes from the standard library (CVE-2015-3166)<br>* Inconsistent error messages from contrib/pgcrypto (CVE-2015-3167)<br>* Fix rare failure to invalidate relation cache init file (Tom Lane)<br>With just the wrong timing of concurrent activity, a VACUUM FULL on a system catalog might fail to update the init file that's used to avoid cache-loading work for new sessions. This would result in later sessions being unable to access that catalog at all. This is a very ancient bug, but it's so hard to trigger that no reproducible case had been seen until recently. (No CVE) |
Additional notes | |
CVE ID | CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 |
UCS Bug number | #38607 |