Description
Security update for postgresql94
This update of postgresql94 to 9.4.5 fixes the following issues:
- CVE-2015-5289: json or jsonb input values constructed from arbitrary user input could have crashed the PostgreSQL server and caused a denial of service (bsc#949670)
- CVE-2015-5288: crypt() (pgCrypto extension) could potentially be exploited to read a few additional bytes of memory (bsc#949669)
Also contains all changes and bugfixes in the upstream 9.4.5 release: http://www.postgresql.org/docs/current/static/release-9-4-5.html
Package list
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP3
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Manager 2.1
References
- Link for SUSE-SU-2016:0482-1
- E-Mail link for SUSE-SU-2016:0482-1
- SUSE Security Ratings
- SUSE Bug 949669
- SUSE Bug 949670
- SUSE CVE CVE-2015-5288 page
- SUSE CVE CVE-2015-5289 page
Description
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.
Affected products
References
- CVE-2015-5288
- SUSE Bug 949669
- SUSE Bug 949670
Description
Multiple stack-based buffer overflows in json parsing in PostgreSQL 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.
Affected products
References
- CVE-2015-5289
- SUSE Bug 949669
- SUSE Bug 949670