[security-announce] SUSE-SU-2016:0677-1: important: Security update for postgresql94

SUSE Security Update: Security update for postgresql94

______________________________________________________________________________

Announcement ID: SUSE-SU-2016:0677-1
Rating: important
References: #949669 #949670 #966435 #966436
Cross-References: CVE-2007-4772 CVE-2015-5288 CVE-2015-5289 CVE-2016-0766 CVE-2016-0773

Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Desktop 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

 

Description:

This update for postgresql94 fixes the following issues:

 

- Security and bugfix release 9.4.6:
  * *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries.
  * Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436).
  * Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772).
  * Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435).
  * Fix many issues in pg_dump with specific object types
  * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS
  * Fix deparsing error with ON CONFLICT ... WHERE clauses
  * Fix tableoid errors for postgres_fdw
  * Prevent floating-point exceptions in pgbench
  * Make \det search Foreign Table names consistently
  * Fix quoting of domain constraint names in pg_dump
  * Prevent putting expanded objects into Const nodes
  * Allow compile of PL/Java on Windows
  * Fix "unresolved symbol" errors in PL/Python execution
  * Allow Python2 and Python3 to be used in the same database
  * Add support for Python 3.5 in PL/Python
  * Fix issue with subdirectory creation during initdb
  * Make pg_ctl report status correctly on Windows
  * Suppress confusing error when using pg_receivexlog with older servers
  * Multiple documentation corrections and additions
  * Fix erroneous hash calculations in gin_extract_jsonb_path()
- For the full release notes, see:
  http://www.postgresql.org/docs/9.4/static/release-9-4-6.html

- Security and bugfix release 9.4.5:
  * CVE-2015-5289, bsc#949670: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service.
  * CVE-2015-5288, bsc#949669: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed.
- For the full release notes, see:
  http://www.postgresql.org/docs/current/static/release-9-4-5.html

- Relax dependency on libpq to major version.
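The 9.4.6 item above says jsonb_path_ops indexes must be reindexed after the update but does not say how to find them. The following catalog query is an added example, not part of the SUSE advisory or the PostgreSQL release notes; it reads only the standard system catalogs (pg_index, pg_class, pg_namespace, pg_opclass) and emits one REINDEX statement per affected index, so the operator can review the list before running anything.

```sql
-- Added example (not from the advisory): list every index built with the
-- jsonb_path_ops operator class and generate the REINDEX statement for it.
-- Run once per database on the server after postgresql94 9.4.6 is installed.
SELECT n.nspname                                   AS schema_name,
       c.relname                                   AS index_name,
       t.relname                                   AS table_name,
       pg_get_indexdef(i.indexrelid)               AS index_definition,
       format('REINDEX INDEX %I.%I;', n.nspname, c.relname) AS reindex_cmd
FROM   pg_index     i
JOIN   pg_class     c  ON c.oid = i.indexrelid      -- the index relation
JOIN   pg_class     t  ON t.oid = i.indrelid        -- the table it belongs to
JOIN   pg_namespace n  ON n.oid = c.relnamespace
JOIN   pg_opclass   oc ON oc.oid = ANY (i.indclass) -- one opclass per index column
WHERE  oc.opcname = 'jsonb_path_ops'
ORDER  BY schema_name, index_name;
```

The reindex_cmd column can be fed straight back into psql (for example `psql -Atc "<query>" dbname | psql dbname`, selecting only that column). REINDEX INDEX takes an exclusive lock on the index and blocks writes to the underlying table for the duration, and PostgreSQL 9.4 has no concurrent variant of REINDEX, so schedule the rebuild in a maintenance window; until the rebuild completes, queries using those indexes may continue to miss rows, which is the defect the release fixes.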

 

 

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-postgresql94-12440=1

- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-postgresql94-12440=1

- SUSE Linux Enterprise Desktop 11-SP4:
  zypper in -t patch sledsp4-postgresql94-12440=1

- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-postgresql94-12440=1

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  postgresql94-devel-9.4.6-0.14.3

- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  libecpg6-9.4.6-0.14.3
  libpq5-9.4.6-0.14.3
  postgresql94-9.4.6-0.14.3
  postgresql94-contrib-9.4.6-0.14.3
  postgresql94-docs-9.4.6-0.14.3
  postgresql94-server-9.4.6-0.14.3

- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
  libpq5-32bit-9.4.6-0.14.3

- SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
  libecpg6-9.4.6-0.14.3
  libpq5-9.4.6-0.14.3
  postgresql94-9.4.6-0.14.3
  postgresql94-docs-9.4.6-0.14.3

- SUSE Linux Enterprise Desktop 11-SP4 (x86_64):
  libpq5-32bit-9.4.6-0.14.3

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  postgresql94-debuginfo-9.4.6-0.14.3
  postgresql94-debugsource-9.4.6-0.14.3
  postgresql94-libs-debuginfo-9.4.6-0.14.3
  postgresql94-libs-debugsource-9.4.6-0.14.3

 

 

References:

https://www.suse.com/security/cve/CVE-2007-4772.html
https://www.suse.com/security/cve/CVE-2015-5288.html
https://www.suse.com/security/cve/CVE-2015-5289.html
https://www.suse.com/security/cve/CVE-2016-0766.html
https://www.suse.com/security/cve/CVE-2016-0773.html
https://bugzilla.suse.com/949669
https://bugzilla.suse.com/949670
https://bugzilla.suse.com/966435
https://bugzilla.suse.com/966436

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 
