CVE-2015-3167

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 9.0.20 PostgreSQL versions 9.1.x prior to 9.1.16 PostgreSQL versions 9.2.x prior to 9.2.11 PostgreSQL versions 9.3.x prior to 9.3.7 PostgreSQL versions 9.4.x prior to 9.4.2

Description The issue allows attackers to obtain the key via a brute force attack due to different error responses when an incorrect key is used for decryption. This is related to the pgcrypto module in PostgreSQL.

Recommendations For versions prior to 9.0.20, update to version 9.0.20 or later. For versions 9.1.x prior to 9.1.16, update to version 9.1.16 or later. For versions 9.2.x prior to 9.2.11, update to version 9.2.11 or later. For versions 9.3.x prior to 9.3.7, update to version 9.3.7 or later. For versions 9.4.x prior to 9.4.2, update to version 9.4.2 or later.