Detections
Analytics

openSUSE Security Update : postgresql93 (openSUSE-2016-1140)

high Nessus Plugin ID 93825

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

The postgresql server postgresql93 was updated to 9.3.14 fixes the following issues :

Update to version 9.3.14 :

 - Fix possible mis-evaluation of nested CASE-WHEN expressions (CVE-2016-5423, boo#993454)

 - Fix client programs' handling of special characters in database and role names (CVE-2016-5424, boo#993453)

 - Fix corner-case misbehaviors for IS NULL/IS NOT NULL applied to nested composite values

 - Make the inet and cidr data types properly reject IPv6 addresses with too many colon-separated fields

 - Prevent crash in close_ps() (the point ## lseg operator) for NaN input coordinates

 - Fix several one-byte buffer over-reads in to_number()

 - Avoid unsafe intermediate state during expensive paths through heap_update()

 - For the other bug fixes, see the release notes:
 https://www.postgresql.org/docs/9.3/static/release-9-3-1 4.html

Update to version 9.3.13 :

This update fixes several problems which caused downtime for users, including :

 - Clearing the OpenSSL error queue before OpenSSL calls, preventing errors in SSL connections, particularly when using the Python, Ruby or PHP OpenSSL wrappers

 - Fixed the 'failed to build N-way joins' planner error

 - Fixed incorrect handling of equivalence in multilevel nestloop query plans, which could emit rows which didn't match the WHERE clause.

 - Prevented two memory leaks with using GIN indexes, including a potential index corruption risk. The release also includes many other bug fixes for reported issues, many of which affect all supported versions :

 - Fix corner-case parser failures occurring when operator_precedence_warning is turned on

 - Prevent possible misbehavior of TH, th, and Y,YYY format codes in to_timestamp()

 - Correct dumping of VIEWs and RULEs which use ANY (array) in a subselect

 - Disallow newlines in ALTER SYSTEM parameter values

 - Avoid possible misbehavior after failing to remove a tablespace symlink

 - Fix crash in logical decoding on alignment-picky platforms

 - Avoid repeated requests for feedback from receiver while shutting down walsender

 - Multiple fixes for pg_upgrade

 - Support building with Visual Studio 2015

 - This update also contains tzdata release 2016d, with updates for Russia, Venezuela, Kirov, and Tomsk.
 http://www.postgresql.org/docs/current/static/release-9- 3-13.html

Update to version 9.3.12 :

 - Fix two bugs in indexed ROW() comparisons

 - Avoid data loss due to renaming files

 - Prevent an error in rechecking rows in SELECT FOR UPDATE/SHARE

 - Fix bugs in multiple json_ and jsonb_ functions

 - Log lock waits for INSERT ON CONFLICT correctly

 - Ignore recovery_min_apply_delay until reaching a consistent state

 - Fix issue with pg_subtrans XID wraparound

 - Fix assorted bugs in Logical Decoding

 - Fix planner error with nested security barrier views

 - Prevent memory leak in GIN indexes

 - Fix two issues with ispell dictionaries

 - Avoid a crash on old Windows versions

 - Skip creating an erroneous delete script in pg_upgrade

 - Correctly translate empty arrays into PL/Perl

 - Make PL/Python cope with identifier names

For the full release notes, see:
http://www.postgresql.org/docs/9.4/static/release-9-3-12.html

Solution

Update the affected postgresql93 packages.

See Also

https://www.postgresql.org/docs/9.4/release-9-3-12.html

https://www.postgresql.org/docs/current/release-9-3-13.html

https://bugzilla.opensuse.org/show_bug.cgi?id=993453

https://bugzilla.opensuse.org/show_bug.cgi?id=993454

https://www.postgresql.org/docs/9.3/release-9-3-14.html

Plugin Details

Severity: High

ID: 93825

File Name: openSUSE-2016-1140.nasl

Version: 2.8

Type: local

Agent: unix

Published: 10/3/2016

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Vulnerability Information

CPE: cpe:/o:novell:opensuse:13.2, p-cpe:/a:novell:opensuse:postgresql93-debugsource, p-cpe:/a:novell:opensuse:postgresql93-pltcl, p-cpe:/a:novell:opensuse:libecpg6-debuginfo-32bit, p-cpe:/a:novell:opensuse:postgresql93-test, p-cpe:/a:novell:opensuse:postgresql93-plperl-debuginfo, p-cpe:/a:novell:opensuse:postgresql93-plperl, p-cpe:/a:novell:opensuse:libpq5-32bit, p-cpe:/a:novell:opensuse:postgresql93-server, p-cpe:/a:novell:opensuse:libecpg6-debuginfo, p-cpe:/a:novell:opensuse:libecpg6, p-cpe:/a:novell:opensuse:postgresql93-plpython-debuginfo, p-cpe:/a:novell:opensuse:postgresql93, p-cpe:/a:novell:opensuse:libpq5-debuginfo, p-cpe:/a:novell:opensuse:postgresql93-contrib, p-cpe:/a:novell:opensuse:libpq5, p-cpe:/a:novell:opensuse:postgresql93-devel, p-cpe:/a:novell:opensuse:libpq5-debuginfo-32bit, p-cpe:/a:novell:opensuse:postgresql93-server-debuginfo, p-cpe:/a:novell:opensuse:postgresql93-pltcl-debuginfo, p-cpe:/a:novell:opensuse:postgresql93-debuginfo, p-cpe:/a:novell:opensuse:libecpg6-32bit, p-cpe:/a:novell:opensuse:postgresql93-devel-debuginfo, p-cpe:/a:novell:opensuse:postgresql93-plpython, p-cpe:/a:novell:opensuse:postgresql93-contrib-debuginfo, p-cpe:/a:novell:opensuse:postgresql93-libs-debugsource

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 9/30/2016

Reference Information

CVE: CVE-2016-5423, CVE-2016-5424