SUSE-OU-2015:1847-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2015/suse-ou-20151847-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-OU-2015:1847-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-OU-2015:1847-1

Upstream

CVE-2015-5288

CVE-2015-5289

Related

CVE-2015-5288
CVE-2015-5289

Published

2015-10-21T08:07:51Z

Modified

2026-02-04T04:23:28.022442Z

Summary

Optional update for postgresql94

Details

This update delivers PostgreSQL 9.4.5 to the SUSE Linux Enterprise 12 codebase.

Major enhancements:

Security and bugfix release 9.4.5:
- CVE-2015-5289, bsc#949670: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service.
- CVE-2015-5288, bsc#949669: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed.
Add jsonb, a more capable and efficient data type for storing JSON data
Add new SQL command ALTER SYSTEM for changing postgresql.conf configuration file entries
Reduce lock strength for some ALTER TABLE commands
Allow materialized views to be refreshed without blocking concurrent reads
Add support for logical decoding of WAL data, to allow database changes to be streamed out in a customizable format
Allow background worker processes to be dynamically registered, started and terminated
For the full release notse, see: http://www.postgresql.org/docs/current/static/release-9-4-5.html
Move systemd related stuff and user creation to postgresql-init (bsc#950486)
Remove some obsolete %suse_version conditionals
Adjust build time dependencies.
Fix some more rpmlint warnings.
Relax dependency on libpq to major version.
Make sure that plpgsql.h gets installed, because pldebugger needs it.
Move ~postgres/.bash_profile to postgresql-server to avoid a file conflict between the versioned server packages.

Full release notes can be found here: http://www.postgresql.org/docs/9.4/static/release-9-4.html

The existing client libraries libecpg6 and libpq5 are now taken from the postgresql94 build instgead of the postgresql93 build.

References

Affected packages

SUSE:Linux Enterprise Desktop 12

postgresql94

Package

Name: postgresql94
Purl: pkg:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.5-4.5

Ecosystem specific

{
    "binaries": [
        {
            "libecpg6": "9.4.5-4.1",
            "libpq5": "9.4.5-4.1",
            "libpq5-32bit": "9.4.5-4.1",
            "postgresql94": "9.4.5-4.5"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-OU-2015:1847-1.json"

postgresql94-libs

Package

Name: postgresql94-libs
Purl: pkg:rpm/suse/postgresql94-libs&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.5-4.1

Ecosystem specific

{
    "binaries": [
        {
            "libecpg6": "9.4.5-4.1",
            "libpq5": "9.4.5-4.1",
            "libpq5-32bit": "9.4.5-4.1",
            "postgresql94": "9.4.5-4.5"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-OU-2015:1847-1.json"

SUSE:Linux Enterprise Server 12

postgresql-init

Package

Name: postgresql-init
Purl: pkg:rpm/suse/postgresql-init&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4-17.8.1

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94-docs": "9.4.5-4.5",
            "postgresql-init": "9.4-17.8.1",
            "postgresql94-server": "9.4.5-4.5",
            "libpq5": "9.4.5-4.1",
            "libpq5-32bit": "9.4.5-4.1",
            "postgresql94-contrib": "9.4.5-4.5",
            "libecpg6": "9.4.5-4.1",
            "postgresql94": "9.4.5-4.5"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-OU-2015:1847-1.json"

postgresql94

Package

Name: postgresql94
Purl: pkg:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.5-4.5

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94-docs": "9.4.5-4.5",
            "postgresql-init": "9.4-17.8.1",
            "postgresql94-server": "9.4.5-4.5",
            "libpq5": "9.4.5-4.1",
            "libpq5-32bit": "9.4.5-4.1",
            "postgresql94-contrib": "9.4.5-4.5",
            "libecpg6": "9.4.5-4.1",
            "postgresql94": "9.4.5-4.5"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-OU-2015:1847-1.json"

postgresql94-libs

Package

Name: postgresql94-libs
Purl: pkg:rpm/suse/postgresql94-libs&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.5-4.1

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94-docs": "9.4.5-4.5",
            "postgresql-init": "9.4-17.8.1",
            "postgresql94-server": "9.4.5-4.5",
            "libpq5": "9.4.5-4.1",
            "libpq5-32bit": "9.4.5-4.1",
            "postgresql94-contrib": "9.4.5-4.5",
            "libecpg6": "9.4.5-4.1",
            "postgresql94": "9.4.5-4.5"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-OU-2015:1847-1.json"

SUSE:Linux Enterprise Server for SAP Applications 12

postgresql-init

Package

Name: postgresql-init
Purl: pkg:rpm/suse/postgresql-init&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4-17.8.1

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94-docs": "9.4.5-4.5",
            "postgresql-init": "9.4-17.8.1",
            "postgresql94-server": "9.4.5-4.5",
            "libpq5": "9.4.5-4.1",
            "libpq5-32bit": "9.4.5-4.1",
            "postgresql94-contrib": "9.4.5-4.5",
            "libecpg6": "9.4.5-4.1",
            "postgresql94": "9.4.5-4.5"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-OU-2015:1847-1.json"

postgresql94

Package

Name: postgresql94
Purl: pkg:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.5-4.5

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94-docs": "9.4.5-4.5",
            "postgresql-init": "9.4-17.8.1",
            "postgresql94-server": "9.4.5-4.5",
            "libpq5": "9.4.5-4.1",
            "libpq5-32bit": "9.4.5-4.1",
            "postgresql94-contrib": "9.4.5-4.5",
            "libecpg6": "9.4.5-4.1",
            "postgresql94": "9.4.5-4.5"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-OU-2015:1847-1.json"

postgresql94-libs

Package

Name: postgresql94-libs
Purl: pkg:rpm/suse/postgresql94-libs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.5-4.1

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94-docs": "9.4.5-4.5",
            "postgresql-init": "9.4-17.8.1",
            "postgresql94-server": "9.4.5-4.5",
            "libpq5": "9.4.5-4.1",
            "libpq5-32bit": "9.4.5-4.1",
            "postgresql94-contrib": "9.4.5-4.5",
            "libecpg6": "9.4.5-4.1",
            "postgresql94": "9.4.5-4.5"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-OU-2015:1847-1.json"

SUSE:Linux Enterprise Software Development Kit 12

postgresql94-libs

Package

Name: postgresql94-libs
Purl: pkg:rpm/suse/postgresql94-libs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.5-4.1

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94-devel": "9.4.5-4.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-OU-2015:1847-1.json"