postgresql: updates to 9.0.16 security release

- Security and bugfix release 9.0.16:
*Shore up GRANT ... WITH ADMIN OPTION restrictions (CVE-2014-0060)
*Prevent privilege escalation via manual calls to PL validator functions (CVE-2014-0061)
*Avoid multiple name lookups during table and index DDL (CVE-2014-0062)
*Prevent buffer overrun with long datetime strings (CVE-2014-0063)
*Prevent buffer overrun due to integer overflow in size calculations (CVE-2014-0064)
*Prevent overruns of fixed-size buffers (CVE-2014-0065)
*Avoid crashing if crypt() returns NULL (CVE-2014-0066)
*Document risks of make check in the regression testing instructions (CVE-2014-0067)
- for details see:
http://www.postgresql.org/docs/9.0/static/release-9-0-16.html

Fixed bugs
bnc#864853
VUL-0: CVE-2014-0066: postgresql: NULL pointer dereference
bnc#864852
VUL-0: CVE-2014-0065: postgresql: possible buffer overflow flaws
bnc#864851
VUL-0: CVE-2014-0064: postgresql: integer overflows leading to buffer overflows
bnc#864850
VUL-0: CVE-2014-0063: postgresql: stack-based buffer overflow in datetime input/output
bnc#864847
VUL-0: CVE-2014-0062: postgresql: CREATE INDEX race condition possibly leading to privilege escalation
bnc#864846
VUL-0: CVE-2014-0061: postgresql: privilege escalation via procedural language validator functions
bnc#864845
VUL-0: CVE-2014-0060: postgresql: SET ROLE without ADMIN OPTION allows adding and removing group
Selected Binaries
openSUSE Build Service is sponsored by