Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:2415-1

Опубликовано: 29 сент. 2016
Источник: suse-cvrf

Описание

Security update for postgresql94

This update for postgresql94 to version 9.4.9 fixes the several issues.

These security issues were fixed:

  • CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454).
  • CVE-2016-5424: Fix client programs' handling of special characters in database and role names (bsc#993453).

This non-security issue was fixed:

  • bsc#973660: Added 'Requires: timezone' to Service Pack

For additional non-security issues please refer to

Список пакетов

SUSE Linux Enterprise Desktop 12 SP1
libecpg6-9.4.9-14.1
libpq5-9.4.9-14.1
libpq5-32bit-9.4.9-14.1
postgresql94-9.4.9-14.1
SUSE Linux Enterprise Server 12 SP1
libecpg6-9.4.9-14.1
libpq5-9.4.9-14.1
libpq5-32bit-9.4.9-14.1
postgresql94-9.4.9-14.1
postgresql94-contrib-9.4.9-14.1
postgresql94-docs-9.4.9-14.1
postgresql94-server-9.4.9-14.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libecpg6-9.4.9-14.1
libpq5-9.4.9-14.1
libpq5-32bit-9.4.9-14.1
postgresql94-9.4.9-14.1
postgresql94-contrib-9.4.9-14.1
postgresql94-docs-9.4.9-14.1
postgresql94-server-9.4.9-14.1
SUSE Linux Enterprise Software Development Kit 12 SP1
postgresql94-devel-9.4.9-14.1

Ссылки

Описание

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libecpg6-9.4.9-14.1
SUSE Linux Enterprise Desktop 12 SP1:libpq5-32bit-9.4.9-14.1
SUSE Linux Enterprise Desktop 12 SP1:libpq5-9.4.9-14.1
SUSE Linux Enterprise Desktop 12 SP1:postgresql94-9.4.9-14.1
Ссылки

Описание

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libecpg6-9.4.9-14.1
SUSE Linux Enterprise Desktop 12 SP1:libpq5-32bit-9.4.9-14.1
SUSE Linux Enterprise Desktop 12 SP1:libpq5-9.4.9-14.1
SUSE Linux Enterprise Desktop 12 SP1:postgresql94-9.4.9-14.1
Ссылки
Уязвимость SUSE-SU-2016:2415-1