Описание
Security update for postgresql94
This update for postgresql94 to version 9.4.9 fixes the several issues.
These security issues were fixed:
- CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454).
- CVE-2016-5424: Fix client programs' handling of special characters in database and role names (bsc#993453).
For the non-security issues please refer to
Список пакетов
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Manager 2.1
Ссылки
- Link for SUSE-SU-2016:2418-1
- E-Mail link for SUSE-SU-2016:2418-1
- SUSE Security Ratings
- SUSE Bug 993453
- SUSE Bug 993454
- SUSE CVE CVE-2016-5423 page
- SUSE CVE CVE-2016-5424 page
Описание
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
Затронутые продукты
Ссылки
- CVE-2016-5423
- SUSE Bug 1041981
- SUSE Bug 1042497
- SUSE Bug 1052683
- SUSE Bug 993454
Описание
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
Затронутые продукты
Ссылки
- CVE-2016-5424
- SUSE Bug 1041981
- SUSE Bug 1042497
- SUSE Bug 1052683
- SUSE Bug 993453