Security update for postgresql93

Announcement ID: SUSE-SU-2016:0539-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2016-0766 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2016-0766 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2016-0773 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • SUSE Linux Enterprise Desktop 12
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Server for SAP Applications 12
  • SUSE Linux Enterprise Software Development Kit 12

An update that solves three vulnerabilities can now be installed.

Description:

This update for postgresql93 fixes the following issues:

  • Security and bugfix release 9.3.11:
  • Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436).
  • Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772).
  • Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435).
  • Fix many issues in pg_dump with specific object types
  • Prevent over-eager pushdown of HAVING clauses for GROUPING SETS
  • Fix deparsing error with ON CONFLICT ... WHERE clauses
  • Fix tableoid errors for postgres_fdw
  • Prevent floating-point exceptions in pgbench
  • Make \det search Foreign Table names consistently
  • Fix quoting of domain constraint names in pg_dump
  • Prevent putting expanded objects into Const nodes
  • Allow compile of PL/Java on Windows
  • Fix "unresolved symbol" errors in PL/Python execution
  • Allow Python2 and Python3 to be used in the same database
  • Add support for Python 3.5 in PL/Python
  • Fix issue with subdirectory creation during initdb
  • Make pg_ctl report status correctly on Windows
  • Suppress confusing error when using pg_receivexlog with older servers
  • Multiple documentation corrections and additions
  • Fix erroneous hash calculations in gin_extract_jsonb_path()
  • For the full release notse, see: http://www.postgresql.org/docs/9.3/static/release-9-3-11.html

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Desktop 12
    zypper in -t patch SUSE-SLE-DESKTOP-12-2016-292=1
  • SUSE Linux Enterprise Software Development Kit 12
    zypper in -t patch SUSE-SLE-SDK-12-2016-292=1
  • SUSE Linux Enterprise Server 12
    zypper in -t patch SUSE-SLE-SERVER-12-2016-292=1
  • SUSE Linux Enterprise Server for SAP Applications 12
    zypper in -t patch SUSE-SLE-SERVER-12-2016-292=1

Package List:

  • SUSE Linux Enterprise Desktop 12 (x86_64)
    • postgresql93-debuginfo-9.3.11-14.2
    • postgresql93-debugsource-9.3.11-14.2
    • postgresql93-9.3.11-14.2
  • SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64)
    • postgresql93-libs-debugsource-9.3.11-14.1
    • postgresql93-devel-debuginfo-9.3.11-14.1
    • postgresql93-devel-9.3.11-14.1
  • SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
    • postgresql93-server-9.3.11-14.2
    • postgresql93-debuginfo-9.3.11-14.2
    • postgresql93-debugsource-9.3.11-14.2
    • postgresql93-contrib-9.3.11-14.2
    • postgresql93-9.3.11-14.2
    • postgresql93-contrib-debuginfo-9.3.11-14.2
    • postgresql93-server-debuginfo-9.3.11-14.2
  • SUSE Linux Enterprise Server 12 (noarch)
    • postgresql93-docs-9.3.11-14.2
  • SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
    • postgresql93-server-9.3.11-14.2
    • postgresql93-debuginfo-9.3.11-14.2
    • postgresql93-debugsource-9.3.11-14.2
    • postgresql93-contrib-9.3.11-14.2
    • postgresql93-9.3.11-14.2
    • postgresql93-contrib-debuginfo-9.3.11-14.2
    • postgresql93-server-debuginfo-9.3.11-14.2
  • SUSE Linux Enterprise Server for SAP Applications 12 (noarch)
    • postgresql93-docs-9.3.11-14.2

References: