openSUSE Security Update: Security update for postgresql93
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:2425-1
Rating:             important
References:         #993453 #993454 
Cross-References:   CVE-2016-5423 CVE-2016-5424
Affected Products:
                    openSUSE 13.2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:


   The postgresql server postgresql93 was updated to 9.3.14 fixes the
   following issues:

   Update to version 9.3.14:
   * Fix possible mis-evaluation of nested CASE-WHEN expressions
     (CVE-2016-5423, boo#993454)
   * Fix client programs' handling of special characters in database and role
     names (CVE-2016-5424, boo#993453)
   * Fix corner-case misbehaviors for IS NULL/IS NOT NULL applied to nested
     composite values
   * Make the inet and cidr data types properly reject IPv6 addresses with
     too many colon-separated fields
   * Prevent crash in close_ps() (the point ## lseg operator) for NaN input
     coordinates
   * Fix several one-byte buffer over-reads in to_number()
   * Avoid unsafe intermediate state during expensive paths through
     heap_update()
   * For the other bug fixes, see the release notes:
     https://www.postgresql.org/docs/9.3/static/release-9-3-14.html

   Update to version 9.3.13:

   This update fixes several problems which caused downtime for users,
   including:
   - Clearing the OpenSSL error queue before OpenSSL calls, preventing errors     in SSL connections, particularly when using the Python, Ruby or PHP
     OpenSSL wrappers   - Fixed the "failed to build N-way joins" planner error
   - Fixed incorrect handling of equivalence in multilevel nestloop query
     plans, which could emit rows which didn't match the WHERE clause.
   - Prevented two memory leaks with using GIN indexes, including a potential
     index corruption risk. The release also includes many other bug fixes
     for reported issues, many of which affect all supported versions:
   - Fix corner-case parser failures occurring when
     operator_precedence_warning is turned on
   - Prevent possible misbehavior of TH, th, and Y,YYY format codes in
     to_timestamp()
   - Correct dumping of VIEWs and RULEs which use ANY (array) in a subselect
   - Disallow newlines in ALTER SYSTEM parameter values
   - Avoid possible misbehavior after failing to remove a tablespace symlink
   - Fix crash in logical decoding on alignment-picky platforms
   - Avoid repeated requests for feedback from receiver while shutting down
     walsender
   - Multiple fixes for pg_upgrade
   - Support building with Visual Studio 2015
   - This update also contains tzdata release 2016d, with updates for Russia,
     Venezuela, Kirov, and Tomsk.
     http://www.postgresql.org/docs/current/static/release-9-3-13.html

   Update to version 9.3.12:

   - Fix two bugs in indexed ROW() comparisons
   - Avoid data loss due to renaming files
   - Prevent an error in rechecking rows in SELECT FOR UPDATE/SHARE
   - Fix bugs in multiple json_ and jsonb_ functions
   - Log lock waits for INSERT ON CONFLICT correctly
   - Ignore recovery_min_apply_delay until reaching a consistent state
   - Fix issue with pg_subtrans XID wraparound
   - Fix assorted bugs in Logical Decoding
   - Fix planner error with nested security barrier views
   - Prevent memory leak in GIN indexes
   - Fix two issues with ispell dictionaries
   - Avoid a crash on old Windows versions
   - Skip creating an erroneous delete script in pg_upgrade
   - Correctly translate empty arrays into PL/Perl
   - Make PL/Python cope with identifier names

   For the full release notes, see:
   http://www.postgresql.org/docs/9.4/static/release-9-3-12.html


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.2:

      zypper in -t patch openSUSE-2016-1140=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 13.2 (i586 x86_64):

      libecpg6-9.3.14-2.13.1
      libecpg6-debuginfo-9.3.14-2.13.1
      libpq5-9.3.14-2.13.1
      libpq5-debuginfo-9.3.14-2.13.1
      postgresql93-9.3.14-2.13.1
      postgresql93-contrib-9.3.14-2.13.1
      postgresql93-contrib-debuginfo-9.3.14-2.13.1
      postgresql93-debuginfo-9.3.14-2.13.1
      postgresql93-debugsource-9.3.14-2.13.1
      postgresql93-devel-9.3.14-2.13.1
      postgresql93-devel-debuginfo-9.3.14-2.13.1
      postgresql93-libs-debugsource-9.3.14-2.13.1
      postgresql93-plperl-9.3.14-2.13.1
      postgresql93-plperl-debuginfo-9.3.14-2.13.1
      postgresql93-plpython-9.3.14-2.13.1
      postgresql93-plpython-debuginfo-9.3.14-2.13.1
      postgresql93-pltcl-9.3.14-2.13.1
      postgresql93-pltcl-debuginfo-9.3.14-2.13.1
      postgresql93-server-9.3.14-2.13.1
      postgresql93-server-debuginfo-9.3.14-2.13.1
      postgresql93-test-9.3.14-2.13.1

   - openSUSE 13.2 (noarch):

      postgresql93-docs-9.3.14-2.13.1

   - openSUSE 13.2 (x86_64):

      libecpg6-32bit-9.3.14-2.13.1
      libecpg6-debuginfo-32bit-9.3.14-2.13.1
      libpq5-32bit-9.3.14-2.13.1
      libpq5-debuginfo-32bit-9.3.14-2.13.1


References:

   https://www.suse.com/security/cve/CVE-2016-5423.html
   https://www.suse.com/security/cve/CVE-2016-5424.html
   https://bugzilla.suse.com/993453
   https://bugzilla.suse.com/993454

openSUSE: 2016:2425-1: important: postgresql93

September 30, 2016
An update that fixes two vulnerabilities is now available

Description

The postgresql server postgresql93 was updated to 9.3.14 fixes the following issues: Update to version 9.3.14: * Fix possible mis-evaluation of nested CASE-WHEN expressions (CVE-2016-5423, boo#993454) * Fix client programs' handling of special characters in database and role names (CVE-2016-5424, boo#993453) * Fix corner-case misbehaviors for IS NULL/IS NOT NULL applied to nested composite values * Make the inet and cidr data types properly reject IPv6 addresses with too many colon-separated fields * Prevent crash in close_ps() (the point ## lseg operator) for NaN input coordinates * Fix several one-byte buffer over-reads in to_number() * Avoid unsafe intermediate state during expensive paths through heap_update() * For the other bug fixes, see the release notes: https://www.postgresql.org/docs/9.3/static/release-9-3-14.html Update to version 9.3.13: This update fixes several problems which caused downtime for users, including: - Clearing the OpenSSL error queue before OpenSSL calls, preventing errors in SSL connections, particularly when using the Python, Ruby or PHP OpenSSL wrappers - Fixed the "failed to build N-way joins" planner error - Fixed incorrect handling of equivalence in multilevel nestloop query plans, which could emit rows which didn't match the WHERE clause. - Prevented two memory leaks with using GIN indexes, including a potential index corruption risk. The release also includes many other bug fixes for reported issues, many of which affect all supported versions: - Fix corner-case parser failures occurring when operator_precedence_warning is turned on - Prevent possible misbehavior of TH, th, and Y,YYY format codes in to_timestamp() - Correct dumping of VIEWs and RULEs which use ANY (array) in a subselect - Disallow newlines in ALTER SYSTEM parameter values - Avoid possible misbehavior after failing to remove a tablespace symlink - Fix crash in logical decoding on alignment-picky platforms - Avoid repeated requests for feedback from receiver while shutting down walsender - Multiple fixes for pg_upgrade - Support building with Visual Studio 2015 - This update also contains tzdata release 2016d, with updates for Russia, Venezuela, Kirov, and Tomsk. http://www.postgresql.org/docs/current/static/release-9-3-13.html Update to version 9.3.12: - Fix two bugs in indexed ROW() comparisons - Avoid data loss due to renaming files - Prevent an error in rechecking rows in SELECT FOR UPDATE/SHARE - Fix bugs in multiple json_ and jsonb_ functions - Log lock waits for INSERT ON CONFLICT correctly - Ignore recovery_min_apply_delay until reaching a consistent state - Fix issue with pg_subtrans XID wraparound - Fix assorted bugs in Logical Decoding - Fix planner error with nested security barrier views - Prevent memory leak in GIN indexes - Fix two issues with ispell dictionaries - Avoid a crash on old Windows versions - Skip creating an erroneous delete script in pg_upgrade - Correctly translate empty arrays into PL/Perl - Make PL/Python cope with identifier names For the full release notes, see: http://www.postgresql.org/docs/9.4/static/release-9-3-12.html

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2016-1140=1 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE 13.2 (i586 x86_64): libecpg6-9.3.14-2.13.1 libecpg6-debuginfo-9.3.14-2.13.1 libpq5-9.3.14-2.13.1 libpq5-debuginfo-9.3.14-2.13.1 postgresql93-9.3.14-2.13.1 postgresql93-contrib-9.3.14-2.13.1 postgresql93-contrib-debuginfo-9.3.14-2.13.1 postgresql93-debuginfo-9.3.14-2.13.1 postgresql93-debugsource-9.3.14-2.13.1 postgresql93-devel-9.3.14-2.13.1 postgresql93-devel-debuginfo-9.3.14-2.13.1 postgresql93-libs-debugsource-9.3.14-2.13.1 postgresql93-plperl-9.3.14-2.13.1 postgresql93-plperl-debuginfo-9.3.14-2.13.1 postgresql93-plpython-9.3.14-2.13.1 postgresql93-plpython-debuginfo-9.3.14-2.13.1 postgresql93-pltcl-9.3.14-2.13.1 postgresql93-pltcl-debuginfo-9.3.14-2.13.1 postgresql93-server-9.3.14-2.13.1 postgresql93-server-debuginfo-9.3.14-2.13.1 postgresql93-test-9.3.14-2.13.1 - openSUSE 13.2 (noarch): postgresql93-docs-9.3.14-2.13.1 - openSUSE 13.2 (x86_64): libecpg6-32bit-9.3.14-2.13.1 libecpg6-debuginfo-32bit-9.3.14-2.13.1 libpq5-32bit-9.3.14-2.13.1 libpq5-debuginfo-32bit-9.3.14-2.13.1


References

https://www.suse.com/security/cve/CVE-2016-5423.html https://www.suse.com/security/cve/CVE-2016-5424.html https://bugzilla.suse.com/993453 https://bugzilla.suse.com/993454


Severity
Announcement ID: openSUSE-SU-2016:2425-1
Rating: important
Affected Products: openSUSE 13.2 .

Related News

Google Chrome 129: Addressing Crucial Vulnerabilities and Enhancing Security
2 - 4 min read
Google Chrome remains the crown jewel in the browser market, with an impressive user base of approximately 3.45 billion. However, this immense
Fighting Back Against Hadooken Malware by Strengthening WebLogic Security
2 - 4 min read
Cybercriminals have been relentlessly attacking the digital landscape, aiming to exploit vulnerabilities in well-known systems. One such exploit is
CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?
3 - 5 min read
CISA regularly publishes updates regarding vulnerabilities that present severe threats to global cybersecurity. Recently, CISA added three
Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved