Описание
Security update for postgresql91
This update of postgresql91 to 9.1.19 fixes the following issues:
- CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669)
Also contains all changes and bugfixes in the upstream 9.1.19 release: http://www.postgresql.org/docs/9.1/static/release-9-1-19.html
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
postgresql91-9.1.19-0.5.1
postgresql91-docs-9.1.19-0.5.1
SUSE Linux Enterprise Server 11 SP3
postgresql91-9.1.19-0.5.1
postgresql91-contrib-9.1.19-0.5.1
postgresql91-docs-9.1.19-0.5.1
postgresql91-server-9.1.19-0.5.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
postgresql91-9.1.19-0.5.1
postgresql91-contrib-9.1.19-0.5.1
postgresql91-docs-9.1.19-0.5.1
postgresql91-server-9.1.19-0.5.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
postgresql91-9.1.19-0.5.1
postgresql91-contrib-9.1.19-0.5.1
postgresql91-docs-9.1.19-0.5.1
postgresql91-server-9.1.19-0.5.1
SUSE Linux Enterprise Software Development Kit 11 SP3
postgresql91-devel-9.1.19-0.5.1
SUSE Manager 2.1
postgresql91-pltcl-9.1.19-0.5.1
SUSE Studio Onsite 1.3
postgresql91-devel-9.1.19-0.5.1
Ссылки
- Link for SUSE-SU-2016:0389-1
- E-Mail link for SUSE-SU-2016:0389-1
- SUSE Security Ratings
- SUSE Bug 949669
- SUSE CVE CVE-2015-5288 page
Описание
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:postgresql91-9.1.19-0.5.1
SUSE Linux Enterprise Desktop 11 SP3:postgresql91-docs-9.1.19-0.5.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:postgresql91-9.1.19-0.5.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:postgresql91-contrib-9.1.19-0.5.1
Ссылки
- CVE-2015-5288
- SUSE Bug 949669
- SUSE Bug 949670