SUSE-SU-2015:1821-1

Описание

The PostreSQL database postgresql93 was updated to the bugfix release 9.3.10:

Security issues fixed:

• CVE-2015-5289, bsc#949670: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service.
• CVE-2015-5288, bsc#949669: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed.

For the full release notes, see: http://www.postgresql.org/docs/current/static/release-9-3-10.html

Other bugs fixed:

• Move systemd related stuff and user creation to postgresql-init.
• Remove some obsolete %suse_version conditionals.
• Relax dependency on libpq to major version.
• Fix possible failure to recover from an inconsistent database state. See full release notes for details.
• Fix rare failure to invalidate relation cache init file.
• Avoid deadlock between incoming sessions and CREATE/DROP DATABASE.
• Improve planner's cost estimates for semi-joins and anti-joins with inner indexscans
• For the full release notes for 9.3.9 see: http://www.postgresql.org/docs/9.3/static/release-9-3-9.html