openSUSE Security Update : postgresql93 (openSUSE-2017-472)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for postgresql93 to version 9.3.14 fixes the several
issues.

These security issues were fixed :

- CVE-2016-5423: CASE/WHEN with inlining can cause
untrusted pointer dereference (bsc#993454).

- CVE-2016-5424: Fix client programs' handling of special
characters in database and role names (bsc#993453).

This non-security issue was fixed :

- bsc#973660: Added 'Requires: timezone' to Service Pack

- bsc#1029547: postgresql: fails to build with timezone
2017a

For additional non-security issues please refer to

- http://www.postgresql.org/docs/9.3/static/release-9-3-14.html

- http://www.postgresql.org/docs/9.3/static/release-9-3-13.html

- http://www.postgresql.org/docs/9.4/static/release-9-3-12.html

This update was imported from the SUSE:SLE-12:Update update project.

See also :

http://www.postgresql.org/docs/9.3/static/release-9-3-13.html
http://www.postgresql.org/docs/9.3/static/release-9-3-14.html
http://www.postgresql.org/docs/9.4/static/release-9-3-12.html
https://bugzilla.opensuse.org/show_bug.cgi?id=1029547
https://bugzilla.opensuse.org/show_bug.cgi?id=973660
https://bugzilla.opensuse.org/show_bug.cgi?id=993453
https://bugzilla.opensuse.org/show_bug.cgi?id=993454

Solution :

Update the affected postgresql93 packages.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 99417 ()

Bugtraq ID:

CVE ID: CVE-2016-5423
CVE-2016-5424

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now