openSUSE Security Update: Security update for postgresql92 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1919-1 Rating: moderate References: #949669 Cross-References: CVE-2015-5288 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: postgresql92 was updated to version 9.2.14 to fix one security issue. This security issue was fixed: - CVE-2015-5288: The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allowed attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt (bsc#949669). For the full release notes see: http://www.postgresql.org/docs/current/static/release-9-2-14.html Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2015-708=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): libecpg6-9.2.14-4.7.1 libecpg6-debuginfo-9.2.14-4.7.1 libpq5-9.2.14-4.7.1 libpq5-debuginfo-9.2.14-4.7.1 postgresql92-9.2.14-4.7.2 postgresql92-contrib-9.2.14-4.7.2 postgresql92-contrib-debuginfo-9.2.14-4.7.2 postgresql92-debuginfo-9.2.14-4.7.2 postgresql92-debugsource-9.2.14-4.7.2 postgresql92-devel-9.2.14-4.7.1 postgresql92-devel-debuginfo-9.2.14-4.7.1 postgresql92-libs-debugsource-9.2.14-4.7.1 postgresql92-plperl-9.2.14-4.7.2 postgresql92-plperl-debuginfo-9.2.14-4.7.2 postgresql92-plpython-9.2.14-4.7.2 postgresql92-plpython-debuginfo-9.2.14-4.7.2 postgresql92-pltcl-9.2.14-4.7.2 postgresql92-pltcl-debuginfo-9.2.14-4.7.2 postgresql92-server-9.2.14-4.7.2 postgresql92-server-debuginfo-9.2.14-4.7.2 - openSUSE 13.1 (x86_64): libecpg6-32bit-9.2.14-4.7.1 libecpg6-debuginfo-32bit-9.2.14-4.7.1 libpq5-32bit-9.2.14-4.7.1 libpq5-debuginfo-32bit-9.2.14-4.7.1 - openSUSE 13.1 (noarch): postgresql92-docs-9.2.14-4.7.2 References: https://www.suse.com/security/cve/CVE-2015-5288.html https://bugzilla.suse.com/949669