OPENSUSE-SU-2018:0529-1
Feb 23, 2018 - 12:08 a.m.

Security update for postgresql95 (important)

2018-02-23 00:08:24
lists.opensuse.org

EPSS: 0.28 (percentile 96.9%)

This update for postgresql95 fixes the following issues:

Update to PostgreSQL 9.5.11:

Security issues fixed:

 * https://www.postgresql.org/docs/9.5/static/release-9-5-11.html
 * CVE-2018-1053, boo#1077983: Ensure that all temporary files made by
   pg_upgrade are non-world-readable.
 * boo#1079757: Rename pg_rewind's copy_file_range function to avoid
   conflict with new Linux system call of that name.

In version 9.5.10:

 * https://www.postgresql.org/docs/9.5/static/release-9-5-10.html
 * CVE-2017-15098, boo#1067844: Memory disclosure in JSON functions.
 * CVE-2017-15099, boo#1067841: INSERT ... ON CONFLICT DO UPDATE fails to
   enforce SELECT privileges.

In version 9.5.9:

 * https://www.postgresql.org/docs/9.5/static/release-9-5-9.html
 * Show foreign tables in information_schema.table_privileges view.
 * Clean up handling of a fatal exit (e.g., due to receipt of SIGTERM)
   that occurs while trying to execute a ROLLBACK of a failed transaction.
 * Remove assertion that could trigger during a fatal exit.
 * Correctly identify columns that are of a range type or domain type
   over a composite type or domain type being searched for.
 * Fix crash in pg_restore when using parallel mode and using a list file
   to select a subset of items to restore.
 * Change ecpg's parser to allow RETURNING clauses without attached C
   variables.

In version 9.5.8:

 * https://www.postgresql.org/docs/9.5/static/release-9-5-8.html
 * CVE-2017-7547, boo#1051685: Further restrict visibility of
   pg_user_mappings.umoptions, to protect passwords stored as user
   mapping options.
 * CVE-2017-7546, boo#1051684: Disallow empty passwords in all
   password-based authentication methods.
 * CVE-2017-7548, boo#1053259: lo_put() function ignores ACLs.