Security update for postgresql94
This update for postgresql94 to version 9.4.9 fixes the several issues.
These security issues were fixed:
- CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454).
- CVE-2016-5424: Fix client programs' handling of special characters in database and role names (bsc#993453).
This non-security issue was fixed:
- bsc#973660: Added "Requires: timezone" to Service Pack
For additional non-security issues please refer to
- http://www.postgresql.org/docs/9.4/static/release-9-4-9.html
- http://www.postgresql.org/docs/9.4/static/release-9-4-8.html
- http://www.postgresql.org/docs/9.4/static/release-9-4-7.html
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Fabian Weiß (faweiss)
Fixed bugs
bnc#973660
postgresql needs Requires for timezone to be run in docker image
bnc#993453
VUL-0: CVE-2016-5424 : postgresql: privilege escalation via crafted database and role names
bnc#993454
VUL-0: CVE-2016-5423: postgresql: CASE/WHEN with inlining can cause untrusted pointer dereference
