openSUSE Security Update : postgresql93 (openSUSE-2016-253)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for postgresql93 fixes the following issues :

- Security and bugfix release 9.3.11 :

- Fix infinite loops and buffer-overrun problems in
regular expressions (CVE-2016-0773, boo#966436).

- Fix regular-expression compiler to handle loops of
constraint arcs (CVE-2007-4772).

- Prevent certain PL/Java parameters from being set by
non-superusers (CVE-2016-0766, boo#966435).

- Fix many issues in pg_dump with specific object types

- Prevent over-eager pushdown of HAVING clauses for
GROUPING SETS

- Fix deparsing error with ON CONFLICT ... WHERE clauses

- Fix tableoid errors for postgres_fdw

- Prevent floating-point exceptions in pgbench

- Make \det search Foreign Table names consistently

- Fix quoting of domain constraint names in pg_dump

- Prevent putting expanded objects into Const nodes

- Allow compile of PL/Java on Windows

- Fix 'unresolved symbol' errors in PL/Python execution

- Allow Python2 and Python3 to be used in the same
database

- Add support for Python 3.5 in PL/Python

- Fix issue with subdirectory creation during initdb

- Make pg_ctl report status correctly on Windows

- Suppress confusing error when using pg_receivexlog with
older servers

- Multiple documentation corrections and additions

- Fix erroneous hash calculations in
gin_extract_jsonb_path()

- For the full release notse, see:
http://www.postgresql.org/docs/9.3/static/release-9-3-11
.html

See also :

http://www.postgresql.org/docs/9.3/static/release-9-3-11.html
https://bugzilla.opensuse.org/show_bug.cgi?id=966435
https://bugzilla.opensuse.org/show_bug.cgi?id=966436

Solution :

Update the affected postgresql93 packages.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 88926 ()

Bugtraq ID:

CVE ID: CVE-2007-4772
CVE-2016-0766
CVE-2016-0773

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now