File _patchinfo of Package patchinfo.6325

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.6325

<patchinfo incident="6325">
  <issue id="1067844" tracker="bnc">VUL-0: CVE-2017-15098: postgresql94,postgresql96: Memory disclosure in JSON functions</issue>
  <issue id="1067841" tracker="bnc">VUL-0: CVE-2017-15099: postgresql96: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges</issue>
  <issue id="2017-15098" tracker="cve" />
  <issue id="2017-15099" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>rmax</packager>
  <description>This update for postgresql96 fixes the following issues:

Security issues fixed:

- CVE-2017-15098: Fix crash due to rowtype mismatch in json{b}_populate_recordset() (bsc#1067844).
- CVE-2017-15099: Ensure that INSERT ... ON CONFLICT DO UPDATE checks table permissions and RLS policies in all cases (bsc#1067841).

Bug fixes:

- Update to version 9.6.6:
  * https://www.postgresql.org/docs/9.6/static/release-9-6-6.html
  * https://www.postgresql.org/docs/9.6/static/release-9-6-5.html
</description>
  <summary>Security update for postgresql96</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.6325

Places