Security update for postgresql93 (important)

ID OPENSUSE-SU-2016:2425-1
Type suse
Reporter Suse
Modified 2016-09-30T18:11:27


The postgresql server postgresql93 was updated to 9.3.14 fixes the following issues:

Update to version 9.3.14: * Fix possible mis-evaluation of nested CASE-WHEN expressions (CVE-2016-5423, boo#993454) * Fix client programs' handling of special characters in database and role names (CVE-2016-5424, boo#993453) * Fix corner-case misbehaviors for IS NULL/IS NOT NULL applied to nested composite values * Make the inet and cidr data types properly reject IPv6 addresses with too many colon-separated fields * Prevent crash in close_ps() (the point ## lseg operator) for NaN input coordinates * Fix several one-byte buffer over-reads in to_number() * Avoid unsafe intermediate state during expensive paths through heap_update() * For the other bug fixes, see the release notes: <a rel="nofollow" href=""></a>

Update to version 9.3.13:

This update fixes several problems which caused downtime for users, including: - Clearing the OpenSSL error queue before OpenSSL calls, preventing errors in SSL connections, particularly when using the Python, Ruby or PHP OpenSSL wrappers - Fixed the "failed to build N-way joins" planner error - Fixed incorrect handling of equivalence in multilevel nestloop query plans, which could emit rows which didn't match the WHERE clause. - Prevented two memory leaks with using GIN indexes, including a potential index corruption risk. The release also includes many other bug fixes for reported issues, many of which affect all supported versions: - Fix corner-case parser failures occurring when operator_precedence_warning is turned on - Prevent possible misbehavior of TH, th, and Y,YYY format codes in to_timestamp() - Correct dumping of VIEWs and RULEs which use ANY (array) in a subselect - Disallow newlines in ALTER SYSTEM parameter values - Avoid possible misbehavior after failing to remove a tablespace symlink - Fix crash in logical decoding on alignment-picky platforms - Avoid repeated requests for feedback from receiver while shutting down walsender - Multiple fixes for pg_upgrade - Support building with Visual Studio 2015 - This update also contains tzdata release 2016d, with updates for Russia, Venezuela, Kirov, and Tomsk. <a rel="nofollow" href=""></a>

Update to version 9.3.12:

  • Fix two bugs in indexed ROW() comparisons
  • Avoid data loss due to renaming files
  • Prevent an error in rechecking rows in SELECT FOR UPDATE/SHARE
  • Fix bugs in multiple json_ and jsonb_ functions
  • Log lock waits for INSERT ON CONFLICT correctly
  • Ignore recovery_min_apply_delay until reaching a consistent state
  • Fix issue with pg_subtrans XID wraparound
  • Fix assorted bugs in Logical Decoding
  • Fix planner error with nested security barrier views
  • Prevent memory leak in GIN indexes
  • Fix two issues with ispell dictionaries
  • Avoid a crash on old Windows versions
  • Skip creating an erroneous delete script in pg_upgrade
  • Correctly translate empty arrays into PL/Perl
  • Make PL/Python cope with identifier names

For the full release notes, see: <a rel="nofollow" href=""></a>