SSL clients disconnecting just before the authentication timeout expires
can cause the server to crash via a double-free issue leading to denial
of service.
The replacement implementation of snprintf() failed to check for errors
reported by the underlying system library calls; the main case that
might be missed is out-of-memory situations. In the worst case this
might lead to information disclosure.
In contrib/pgcrypto, some cases of decryption with an incorrect key
could report other error message texts. Fix by using a one-size-fits-all
message.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
any | any | any | postgresql | < 9.4.2-1 | UNKNOWN |