- Desktop
- Enterprise
- Gaming
- Graphics
- Hardware
- Linux Kernel
- Multimedia
- Operating Systems
- Programming
- System Internals
- All Projects
- Latest News
- fate/iamf: add a demux text
- pg_combinebackup: Add --version to --help output
- PostgreSQL: Support SSL_R_VERSION_TOO_LOW when using LibreSSL
- avcodec/mediacodecenc: Add global header support
- tdf#159660: also add normal blend filter
- Linux Kernel: Linux 6.9-rc5
- WINE: Release 9.7.
- Sync psm/evdev/atkbd with FreeBSD
- Latest News (cont.)
- lavfi: Add pad_vaapi filter
- lavfi: Add drawbox_vaapi filter
- Linux Kernel: Linux 6.9-rc4
- Embind: support .implement()-based JS UNO objects
- tdf#33603: sd: rework notes panel
- xwayland: Add SourceValidate hook
- UPower: Release 1.90.4
- timezone: sync to TZDB 2024a
- Linux Kernel: Linux 6.9-rc3
- Optimize pg_popcount() with AVX-512 instructions
- Enhance nbtree ScalarArrayOp execution
Featured content is also available via:
pgcrypto: Detect and report too-short crypt() salts
Enterprise / PostgreSQL - Noah Misch [leadboat.com] - 5 October 2015 09:06 UTC
Certain short salts crashed the backend or disclosed a few bytes of backend memory. For existing salt-induced error conditions, emit a message saying as much. Back-patch to 9.0 (all supported versions).
Josh Kupershmidt
Security: CVE-2015-5288
1d812c8 pgcrypto: Detect and report too-short crypt() salts.
contrib/pgcrypto/crypt-blowfish.c | 19 +++++++++++++++++--
contrib/pgcrypto/crypt-des.c | 22 +++++++++++++++++++---
contrib/pgcrypto/expected/crypt-blowfish.out | 9 +++++++++
contrib/pgcrypto/expected/crypt-des.out | 4 ++++
contrib/pgcrypto/expected/crypt-xdes.out | 24 ++++++++++++++++++++++++
contrib/pgcrypto/px-crypt.c | 2 +-
contrib/pgcrypto/sql/crypt-blowfish.sql | 9 +++++++++
contrib/pgcrypto/sql/crypt-des.sql | 4 ++++
contrib/pgcrypto/sql/crypt-xdes.sql | 16 ++++++++++++++++
9 files changed, 103 insertions(+), 6 deletions(-)
Upstream: git.postgresql.org
Related PostgreSQL Activity
- pgcrypto: Remove non-OpenSSL support
Peter Eisentraut - pgcrypto: Make header files stand alone
Peter Eisentraut
Share
- Tweet
Recent PostgreSQL Activity
- Post-commit review fixes for slot synchronization
Amit Kapila - pg_combinebackup: Add --version to --help output
Peter Eisentraut - Support SSL_R_VERSION_TOO_LOW when using LibreSSL
Daniel Gustafsson - Support disallowing SSL renegotiation when using LibreSSL
Daniel Gustafsson - Remove some unnecessary fields from executor nodes
Tom Lane