Overview

File _patchinfo of Package patchinfo.2014

<patchinfo incident="2014">
  <issue id="966435" tracker="bnc">VUL-0: CVE-2016-0766: postgresql: privilege escalation issue for users of PL/Java</issue>
  <issue id="966436" tracker="bnc">VUL-0: CVE-2016-0773: postgresql: buffer overrun in regular expression processing</issue>
  <issue id="578053" tracker="bnc">postgresql-plperl looks for libperl.so in the wrong place</issue>
  <issue id="CVE-2007-4772" tracker="cve" />
  <issue id="CVE-2016-0766" tracker="cve" />
  <issue id="CVE-2016-0773" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>rmax</packager>
  <description>
This update for postgresql94 fixes the following issues: 

- Security and bugfix release 9.4.6:
  * *** IMPORTANT ***
    Users of version 9.4 will need to reindex any jsonb_path_ops
    indexes they have created, in order to fix a persistent issue
    with missing index entries.
  * Fix infinite loops and buffer-overrun problems in regular
    expressions (CVE-2016-0773, bsc#966436).
  * Fix regular-expression compiler to handle loops of constraint
    arcs (CVE-2007-4772).
  * Prevent certain PL/Java parameters from being set by
    non-superusers (CVE-2016-0766, bsc#966435).
  * Fix many issues in pg_dump with specific object types
  * Prevent over-eager pushdown of HAVING clauses for
    GROUPING SETS
  * Fix deparsing error with ON CONFLICT ... WHERE clauses
  * Fix tableoid errors for postgres_fdw
  * Prevent floating-point exceptions in pgbench
  * Make \det search Foreign Table names consistently
  * Fix quoting of domain constraint names in pg_dump
  * Prevent putting expanded objects into Const nodes
  * Allow compile of PL/Java on Windows
  * Fix "unresolved symbol" errors in PL/Python execution
  * Allow Python2 and Python3 to be used in the same database
  * Add support for Python 3.5 in PL/Python
  * Fix issue with subdirectory creation during initdb
  * Make pg_ctl report status correctly on Windows
  * Suppress confusing error when using pg_receivexlog with older
    servers
  * Multiple documentation corrections and additions
  * Fix erroneous hash calculations in gin_extract_jsonb_path()
- For the full release notse, see:
  http://www.postgresql.org/docs/9.4/static/release-9-4-6.html

- PL/Perl still needs to be linked with rpath, so that it can find
  libperl.so at runtime.
  bsc#578053, postgresql-plperl-keep-rpath.patch
</description>
  <summary>Security update for postgresql94</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places