Security update for postgresql93 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1907-1 Final 1 1 2015-10-22T15:14:22Z current 2015-10-22T15:14:22Z 2015-10-22T15:14:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for postgresql93 postgresql93 was updated to version 9.3.10 to fix two security issues. These security issues were fixed: - CVE-2015-5288: Unchecked JSON input can crash the server (bsc#949669). - CVE-2015-5289: Memory leak in crypt() function (bsc#949670). For the full release notes, please see: http://www.postgresql.org/docs/current/static/release-9-3-10.html The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-updates/2015-11/msg00033.html E-Mail link for openSUSE-SU-2015:1907-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 libecpg6-9.3.10-2.7.1 libecpg6-32bit-9.3.10-2.7.1 libecpg6-debuginfo-9.3.10-2.7.1 libecpg6-debuginfo-32bit-9.3.10-2.7.1 libpq5-9.3.10-2.7.1 libpq5-32bit-9.3.10-2.7.1 libpq5-debuginfo-9.3.10-2.7.1 libpq5-debuginfo-32bit-9.3.10-2.7.1 postgresql93-9.3.10-2.7.1 postgresql93-contrib-9.3.10-2.7.1 postgresql93-contrib-debuginfo-9.3.10-2.7.1 postgresql93-debuginfo-9.3.10-2.7.1 postgresql93-debugsource-9.3.10-2.7.1 postgresql93-devel-9.3.10-2.7.1 postgresql93-devel-debuginfo-9.3.10-2.7.1 postgresql93-docs-9.3.10-2.7.1 postgresql93-libs-9.3.10-2.7.1 postgresql93-libs-debugsource-9.3.10-2.7.1 postgresql93-plperl-9.3.10-2.7.1 postgresql93-plperl-debuginfo-9.3.10-2.7.1 postgresql93-plpython-9.3.10-2.7.1 postgresql93-plpython-debuginfo-9.3.10-2.7.1 postgresql93-pltcl-9.3.10-2.7.1 postgresql93-pltcl-debuginfo-9.3.10-2.7.1 postgresql93-server-9.3.10-2.7.1 postgresql93-server-debuginfo-9.3.10-2.7.1 postgresql93-test-9.3.10-2.7.1 libecpg6-9.3.10-2.7.1 as a component of openSUSE 13.2 libecpg6-32bit-9.3.10-2.7.1 as a component of openSUSE 13.2 libecpg6-debuginfo-9.3.10-2.7.1 as a component of openSUSE 13.2 libecpg6-debuginfo-32bit-9.3.10-2.7.1 as a component of openSUSE 13.2 libpq5-9.3.10-2.7.1 as a component of openSUSE 13.2 libpq5-32bit-9.3.10-2.7.1 as a component of openSUSE 13.2 libpq5-debuginfo-9.3.10-2.7.1 as a component of openSUSE 13.2 libpq5-debuginfo-32bit-9.3.10-2.7.1 as a component of openSUSE 13.2 postgresql93-9.3.10-2.7.1 as a component of openSUSE 13.2 postgresql93-contrib-9.3.10-2.7.1 as a component of openSUSE 13.2 postgresql93-contrib-debuginfo-9.3.10-2.7.1 as a component of openSUSE 13.2 postgresql93-debuginfo-9.3.10-2.7.1 as a component of openSUSE 13.2 postgresql93-debugsource-9.3.10-2.7.1 as a component of openSUSE 13.2 postgresql93-devel-9.3.10-2.7.1 as a component of openSUSE 13.2 postgresql93-devel-debuginfo-9.3.10-2.7.1 as a component of openSUSE 13.2 postgresql93-docs-9.3.10-2.7.1 as a component of openSUSE 13.2 postgresql93-libs-9.3.10-2.7.1 as a component of openSUSE 13.2 postgresql93-libs-debugsource-9.3.10-2.7.1 as a component of openSUSE 13.2 postgresql93-plperl-9.3.10-2.7.1 as a component of openSUSE 13.2 postgresql93-plperl-debuginfo-9.3.10-2.7.1 as a component of openSUSE 13.2 postgresql93-plpython-9.3.10-2.7.1 as a component of openSUSE 13.2 postgresql93-plpython-debuginfo-9.3.10-2.7.1 as a component of openSUSE 13.2 postgresql93-pltcl-9.3.10-2.7.1 as a component of openSUSE 13.2 postgresql93-pltcl-debuginfo-9.3.10-2.7.1 as a component of openSUSE 13.2 postgresql93-server-9.3.10-2.7.1 as a component of openSUSE 13.2 postgresql93-server-debuginfo-9.3.10-2.7.1 as a component of openSUSE 13.2 postgresql93-test-9.3.10-2.7.1 as a component of openSUSE 13.2 The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt. CVE-2015-5288 openSUSE 13.2:libecpg6-32bit-9.3.10-2.7.1 openSUSE 13.2:libecpg6-9.3.10-2.7.1 openSUSE 13.2:libecpg6-debuginfo-32bit-9.3.10-2.7.1 openSUSE 13.2:libecpg6-debuginfo-9.3.10-2.7.1 openSUSE 13.2:libpq5-32bit-9.3.10-2.7.1 openSUSE 13.2:libpq5-9.3.10-2.7.1 openSUSE 13.2:libpq5-debuginfo-32bit-9.3.10-2.7.1 openSUSE 13.2:libpq5-debuginfo-9.3.10-2.7.1 openSUSE 13.2:postgresql93-9.3.10-2.7.1 openSUSE 13.2:postgresql93-contrib-9.3.10-2.7.1 openSUSE 13.2:postgresql93-contrib-debuginfo-9.3.10-2.7.1 openSUSE 13.2:postgresql93-debuginfo-9.3.10-2.7.1 openSUSE 13.2:postgresql93-debugsource-9.3.10-2.7.1 openSUSE 13.2:postgresql93-devel-9.3.10-2.7.1 openSUSE 13.2:postgresql93-devel-debuginfo-9.3.10-2.7.1 openSUSE 13.2:postgresql93-docs-9.3.10-2.7.1 openSUSE 13.2:postgresql93-libs-9.3.10-2.7.1 openSUSE 13.2:postgresql93-libs-debugsource-9.3.10-2.7.1 openSUSE 13.2:postgresql93-plperl-9.3.10-2.7.1 openSUSE 13.2:postgresql93-plperl-debuginfo-9.3.10-2.7.1 openSUSE 13.2:postgresql93-plpython-9.3.10-2.7.1 openSUSE 13.2:postgresql93-plpython-debuginfo-9.3.10-2.7.1 openSUSE 13.2:postgresql93-pltcl-9.3.10-2.7.1 openSUSE 13.2:postgresql93-pltcl-debuginfo-9.3.10-2.7.1 openSUSE 13.2:postgresql93-server-9.3.10-2.7.1 openSUSE 13.2:postgresql93-server-debuginfo-9.3.10-2.7.1 openSUSE 13.2:postgresql93-test-9.3.10-2.7.1 moderate 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-11/msg00033.html https://www.suse.com/security/cve/CVE-2015-5288.html CVE-2015-5288 https://bugzilla.suse.com/949669 SUSE Bug 949669 https://bugzilla.suse.com/949670 SUSE Bug 949670 Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. CVE-2015-5289 openSUSE 13.2:libecpg6-32bit-9.3.10-2.7.1 openSUSE 13.2:libecpg6-9.3.10-2.7.1 openSUSE 13.2:libecpg6-debuginfo-32bit-9.3.10-2.7.1 openSUSE 13.2:libecpg6-debuginfo-9.3.10-2.7.1 openSUSE 13.2:libpq5-32bit-9.3.10-2.7.1 openSUSE 13.2:libpq5-9.3.10-2.7.1 openSUSE 13.2:libpq5-debuginfo-32bit-9.3.10-2.7.1 openSUSE 13.2:libpq5-debuginfo-9.3.10-2.7.1 openSUSE 13.2:postgresql93-9.3.10-2.7.1 openSUSE 13.2:postgresql93-contrib-9.3.10-2.7.1 openSUSE 13.2:postgresql93-contrib-debuginfo-9.3.10-2.7.1 openSUSE 13.2:postgresql93-debuginfo-9.3.10-2.7.1 openSUSE 13.2:postgresql93-debugsource-9.3.10-2.7.1 openSUSE 13.2:postgresql93-devel-9.3.10-2.7.1 openSUSE 13.2:postgresql93-devel-debuginfo-9.3.10-2.7.1 openSUSE 13.2:postgresql93-docs-9.3.10-2.7.1 openSUSE 13.2:postgresql93-libs-9.3.10-2.7.1 openSUSE 13.2:postgresql93-libs-debugsource-9.3.10-2.7.1 openSUSE 13.2:postgresql93-plperl-9.3.10-2.7.1 openSUSE 13.2:postgresql93-plperl-debuginfo-9.3.10-2.7.1 openSUSE 13.2:postgresql93-plpython-9.3.10-2.7.1 openSUSE 13.2:postgresql93-plpython-debuginfo-9.3.10-2.7.1 openSUSE 13.2:postgresql93-pltcl-9.3.10-2.7.1 openSUSE 13.2:postgresql93-pltcl-debuginfo-9.3.10-2.7.1 openSUSE 13.2:postgresql93-server-9.3.10-2.7.1 openSUSE 13.2:postgresql93-server-debuginfo-9.3.10-2.7.1 openSUSE 13.2:postgresql93-test-9.3.10-2.7.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-11/msg00033.html https://www.suse.com/security/cve/CVE-2015-5289.html CVE-2015-5289 https://bugzilla.suse.com/949669 SUSE Bug 949669 https://bugzilla.suse.com/949670 SUSE Bug 949670