Security update for postgresql93
| Announcement ID: | SUSE-SU-2015:1264-1 |
|---|---|
| Rating: | moderate |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves three vulnerabilities can now be installed.
Description:
PostgreSQL was updated to the security and bugfix release 9.3.8 including 9.3.7.
Security issues fixed:
- CVE-2015-3165, bsc#931972: Avoid possible crash when client disconnects just before the authentication timeout expires.
- CVE-2015-3166, bsc#931973: Consistently check for failure of the printf() family of functions.
- CVE-2015-3167, bsc#931974: In contrib/pgcrypto, uniformly report decryption failures as "Wrong key or corrupt data"
Bugs fixed:
- Protect against wraparound of multixact member IDs.
- Avoid failures while fsync'ing data directory during crash restart.
- Fix pg_get_functiondef() to show functions' LEAKPROOF property, if set.
-
Allow libpq to use TLS protocol versions beyond v1.
-
For the full release notes, see the following two URLs http://www.postgresql.org/docs/9.3/static/release-9-3-8.html http://www.postgresql.org/docs/9.3/static/release-9-3-7.html
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Desktop 12
zypper in -t patch SUSE-SLE-DESKTOP-12-2015-328=1 -
SUSE Linux Enterprise Software Development Kit 12
zypper in -t patch SUSE-SLE-SDK-12-2015-328=1 -
SUSE Linux Enterprise Server 12
zypper in -t patch SUSE-SLE-SERVER-12-2015-328=1 -
SUSE Linux Enterprise Server for SAP Applications 12
zypper in -t patch SUSE-SLE-SERVER-12-2015-328=1
Package List:
-
SUSE Linux Enterprise Desktop 12 (x86_64)
- libpq5-32bit-9.3.8-8.1
- postgresql93-debugsource-9.3.8-8.1
- postgresql93-debuginfo-9.3.8-8.1
- libpq5-debuginfo-32bit-9.3.8-8.1
- libecpg6-9.3.8-8.1
- libpq5-debuginfo-9.3.8-8.1
- postgresql93-9.3.8-8.1
- libecpg6-debuginfo-9.3.8-8.1
- postgresql93-libs-debugsource-9.3.8-8.1
- libpq5-9.3.8-8.1
-
SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64)
- postgresql93-libs-debugsource-9.3.8-8.1
- postgresql93-devel-9.3.8-8.1
- postgresql93-devel-debuginfo-9.3.8-8.1
-
SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
- postgresql93-debugsource-9.3.8-8.1
- postgresql93-debuginfo-9.3.8-8.1
- libecpg6-9.3.8-8.1
- postgresql93-server-9.3.8-8.1
- postgresql93-server-debuginfo-9.3.8-8.1
- libpq5-debuginfo-9.3.8-8.1
- postgresql93-contrib-debuginfo-9.3.8-8.1
- postgresql93-9.3.8-8.1
- libecpg6-debuginfo-9.3.8-8.1
- postgresql93-libs-debugsource-9.3.8-8.1
- libpq5-9.3.8-8.1
- postgresql93-contrib-9.3.8-8.1
-
SUSE Linux Enterprise Server 12 (noarch)
- postgresql93-docs-9.3.8-8.1
-
SUSE Linux Enterprise Server 12 (s390x x86_64)
- libpq5-32bit-9.3.8-8.1
- libpq5-debuginfo-32bit-9.3.8-8.1
-
SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
- libpq5-32bit-9.3.8-8.1
- postgresql93-debugsource-9.3.8-8.1
- postgresql93-debuginfo-9.3.8-8.1
- libpq5-debuginfo-32bit-9.3.8-8.1
- libecpg6-9.3.8-8.1
- postgresql93-server-9.3.8-8.1
- postgresql93-server-debuginfo-9.3.8-8.1
- libpq5-debuginfo-9.3.8-8.1
- postgresql93-contrib-debuginfo-9.3.8-8.1
- postgresql93-9.3.8-8.1
- libecpg6-debuginfo-9.3.8-8.1
- postgresql93-libs-debugsource-9.3.8-8.1
- libpq5-9.3.8-8.1
- postgresql93-contrib-9.3.8-8.1
-
SUSE Linux Enterprise Server for SAP Applications 12 (noarch)
- postgresql93-docs-9.3.8-8.1
References:
- https://www.suse.com/security/cve/CVE-2015-3165.html
- https://www.suse.com/security/cve/CVE-2015-3166.html
- https://www.suse.com/security/cve/CVE-2015-3167.html
- https://bugzilla.suse.com/show_bug.cgi?id=931972
- https://bugzilla.suse.com/show_bug.cgi?id=931973
- https://bugzilla.suse.com/show_bug.cgi?id=931974