openSUSE Security Update : postgresql94 (openSUSE-2016-271)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for postgresql94 fixes the following issues :

- Security and bugfix release 9.4.6 :

- *** IMPORTANT *** Users of version 9.4 will need to
reindex any jsonb_path_ops indexes they have created, in
order to fix a persistent issue with missing index
entries.

- Fix infinite loops and buffer-overrun problems in
regular expressions (CVE-2016-0773, bsc#966436).

- Fix regular-expression compiler to handle loops of
constraint arcs (CVE-2007-4772).

- Prevent certain PL/Java parameters from being set by
non-superusers (CVE-2016-0766, bsc#966435).

- Fix many issues in pg_dump with specific object types

- Prevent over-eager pushdown of HAVING clauses for
GROUPING SETS

- Fix deparsing error with ON CONFLICT ... WHERE clauses

- Fix tableoid errors for postgres_fdw

- Prevent floating-point exceptions in pgbench

- Make \det search Foreign Table names consistently

- Fix quoting of domain constraint names in pg_dump

- Prevent putting expanded objects into Const nodes

- Allow compile of PL/Java on Windows

- Fix 'unresolved symbol' errors in PL/Python execution

- Allow Python2 and Python3 to be used in the same
database

- Add support for Python 3.5 in PL/Python

- Fix issue with subdirectory creation during initdb

- Make pg_ctl report status correctly on Windows

- Suppress confusing error when using pg_receivexlog with
older servers

- Multiple documentation corrections and additions

- Fix erroneous hash calculations in
gin_extract_jsonb_path()

- For the full release notse, see:
http://www.postgresql.org/docs/9.4/static/release-9-4-6.
html

- PL/Perl still needs to be linked with rpath, so that it
can find libperl.so at runtime. bsc#578053,
postgresql-plperl-keep-rpath.patch

This update was imported from the SUSE:SLE-12:Update update project.

See also :

http://www.postgresql.org/docs/9.4/static/release-9-4-6.html
https://bugzilla.opensuse.org/show_bug.cgi?id=578053
https://bugzilla.opensuse.org/show_bug.cgi?id=966435
https://bugzilla.opensuse.org/show_bug.cgi?id=966436

Solution :

Update the affected postgresql94 packages.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 88980 ()

Bugtraq ID:

CVE ID: CVE-2007-4772
CVE-2016-0766
CVE-2016-0773

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now