Launchpad.net

CVE 2015-5288

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.

Related bugs and status

CVE-2015-5288 (Candidate) is related to these bugs:

Bug #1504132: New upstream microreleases 9.1.19, 9.3.10, 9.4.5

		In	Importance	Status
1504132	New upstream microreleases 9.1.19, 9.3.10, 9.4.5	postgresql-9.4 (Ubuntu)	High	Fix Released
1504132	New upstream microreleases 9.1.19, 9.3.10, 9.4.5	postgresql-9.4 (Ubuntu Vivid)	Undecided	Fix Released
1504132	New upstream microreleases 9.1.19, 9.3.10, 9.4.5	postgresql-9.4 (Ubuntu Wily)	High	Fix Released
1504132	New upstream microreleases 9.1.19, 9.3.10, 9.4.5	postgresql-9.3 (Ubuntu)	Undecided	Invalid
1504132	New upstream microreleases 9.1.19, 9.3.10, 9.4.5	postgresql-9.3 (Ubuntu Trusty)	Undecided	Fix Released
1504132	New upstream microreleases 9.1.19, 9.3.10, 9.4.5	postgresql-9.1 (Ubuntu)	Undecided	Invalid
1504132	New upstream microreleases 9.1.19, 9.3.10, 9.4.5	postgresql-9.1 (Ubuntu Precise)	Undecided	Fix Released
1504132	New upstream microreleases 9.1.19, 9.3.10, 9.4.5	postgresql-9.1 (Ubuntu Trusty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-5288

Related bugs and status

Related bugs

References