SUSE: 2016:2414-1 Critical: Postgresql93 Untrusted Pointer Issue
suse
September 29, 2016
An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one errata is now avai...
Summary
This update for postgresql93 to version 9.3.14 fixes the several issues. These security issues were fixed: - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs' handling of special characters in database and role names (bsc#993453). This non-security issue was fixed: - bsc#973660: Added "Requires: timezone" to Service Pack For additional non-security issues please refer to - https://www.postgresql.org/docs/9.3/release-9-3-14.html - https://www.postgresql.org/docs/9.3/release-9-3-13.html - https://www.postgresql.org/docs/9.3/release-9-3-12.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
References
#973660 #993453 #993454
Cross- CVE-2016-5423 CVE-2016-5424
Affected Products:
SUSE Linux Enterprise Server for SAP 12
SUSE Linux Enterprise Server 12-LTSS
https://www.suse.com/security/cve/CVE-2016-5423.html
https://www.suse.com/security/cve/CVE-2016-5424.html
https://bugzilla.suse.com/973660
https://bugzilla.suse.com/993453
https://bugzilla.suse.com/993454
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2016:2414-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!