openSUSE Security Update: Security and bugfix release for PostgreSQL ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:0499-1 Rating: moderate References: Cross-References: CVE-2014-8161 CVE-2015-0241 CVE-2015-0242 CVE-2015-0243 CVE-2015-0244 Affected Products: openSUSE Evergreen 11.4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: - Security and bugfix release 9.0.19: *Fix buffer overruns in to_char() (CVE-2015-0241) *Fix buffer overrun in replacement *printf() functions (CVE-2015-0242) *Fix buffer overruns in contrib/pgcrypto (CVE-2015-0243) *Fix possible loss of frontend/backend protocol synchronization after an error (CVE-2015-0244) *Fix information leak via constraint-violation error messages (CVE-2014-8161) - for details see: http://www.postgresql.org/docs/9.0/static/release-9-0-19.html Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Evergreen 11.4: zypper in -t patch 2015-9=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Evergreen 11.4 (i586 x86_64): libecpg6-9.0.19-47.1 libecpg6-debuginfo-9.0.19-47.1 libpq5-9.0.19-47.1 libpq5-debuginfo-9.0.19-47.1 postgresql-9.0.19-47.1 postgresql-contrib-9.0.19-47.1 postgresql-contrib-debuginfo-9.0.19-47.1 postgresql-debuginfo-9.0.19-47.1 postgresql-debugsource-9.0.19-47.1 postgresql-devel-9.0.19-47.1 postgresql-devel-debuginfo-9.0.19-47.1 postgresql-libs-debugsource-9.0.19-47.1 postgresql-plperl-9.0.19-47.1 postgresql-plperl-debuginfo-9.0.19-47.1 postgresql-plpython-9.0.19-47.1 postgresql-plpython-debuginfo-9.0.19-47.1 postgresql-pltcl-9.0.19-47.1 postgresql-pltcl-debuginfo-9.0.19-47.1 postgresql-server-9.0.19-47.1 postgresql-server-debuginfo-9.0.19-47.1 - openSUSE Evergreen 11.4 (x86_64): libpq5-32bit-9.0.19-47.1 libpq5-debuginfo-32bit-9.0.19-47.1 - openSUSE Evergreen 11.4 (noarch): postgresql-docs-9.0.19-47.1 - openSUSE Evergreen 11.4 (ia64): libpq5-debuginfo-x86-9.0.19-47.1 libpq5-x86-9.0.19-47.1 References: http://support.novell.com/security/cve/CVE-2014-8161.html http://support.novell.com/security/cve/CVE-2015-0241.html http://support.novell.com/security/cve/CVE-2015-0242.html http://support.novell.com/security/cve/CVE-2015-0243.html http://support.novell.com/security/cve/CVE-2015-0244.html