Description
The PostreSQL database postgresql93 was updated to the bugfix release
9.3.10:
Security issues fixed:
- CVE-2015-5289, bsc#949670: json or jsonb input values constructed from
arbitrary user input can crash the PostgreSQL server and cause a denial
of service.
- CVE-2015-5288, bsc#949669: The crypt() function included with the
optional pgCrypto extension could be exploited to read a few additional
bytes of memory. No working exploit for this issue has been developed.
For the full release notes, see:
http://www.postgresql.org/docs/current/static/release-9-3-10.html
Other bugs fixed:
* Move systemd related stuff and user creation to postgresql-init.
* Remove some obsolete %suse_version conditionals.
* Relax dependency on libpq to major version.
* Fix possible failure to recover from an inconsistent database state. See
full release notes for details.
* Fix rare failure to invalidate relation cache init file.
* Avoid deadlock between incoming sessions and CREATE/DROP DATABASE.
* Improve planner's cost estimates for semi-joins and anti-joins with
inner indexscans
* For the full release notes for 9.3.9 see:
http://www.postgresql.org/docs/9.3/static/release-9-3-9.html