Synopsis:          Moderate: postgresql security update
Advisory ID:       SLSA-2015:2078-1
Issue Date:        2015-11-19
CVE Numbers:       CVE-2015-5288
                   CVE-2015-5289
--

A memory leak error was discovered in the crypt() function of the pgcrypto
extension. An authenticated attacker could possibly use this flaw to
disclose a limited amount of server memory. (CVE-2015-5288)

A stack overflow flaw was discovered in the way the PostgreSQL core server
processed certain JSON or JSONB input. An authenticated attacker could
possibly use this flaw to crash the server backend by sending specially
crafted JSON or JSONB input. (CVE-2015-5289)

If the postgresql service is running, it will be automatically restarted
after installing this update.
--

SL7
  x86_64
    postgresql-9.2.14-1.el7_1.x86_64.rpm
    postgresql-devel-9.2.14-1.el7_1.x86_64.rpm
    postgresql-9.2.14-1.el7_1.i686.rpm
    postgresql-docs-9.2.14-1.el7_1.x86_64.rpm
    postgresql-debuginfo-9.2.14-1.el7_1.i686.rpm
    postgresql-devel-9.2.14-1.el7_1.i686.rpm
    postgresql-libs-9.2.14-1.el7_1.x86_64.rpm
    postgresql-debuginfo-9.2.14-1.el7_1.x86_64.rpm
    postgresql-libs-9.2.14-1.el7_1.i686.rpm
    postgresql-plperl-9.2.14-1.el7_1.x86_64.rpm
    postgresql-test-9.2.14-1.el7_1.x86_64.rpm
    postgresql-pltcl-9.2.14-1.el7_1.x86_64.rpm
    postgresql-server-9.2.14-1.el7_1.x86_64.rpm
    postgresql-contrib-9.2.14-1.el7_1.x86_64.rpm
    postgresql-upgrade-9.2.14-1.el7_1.x86_64.rpm
    postgresql-plpython-9.2.14-1.el7_1.x86_64.rpm
  srpm
    postgresql-9.2.14-1.el7_1.src.rpm

- Scientific Linux Development Team
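
A check an administrator might run against this advisory, as an added example that is not part of the original advisory: it flags installed packages from the SL7 list that are older than the fixed build 9.2.14-1.el7_1. The sample input is constructed, the function names are hypothetical, and the comparison is a simplified form of RPM's version ordering (no epoch, "~" or "^" handling, which the file names above do not use).

```python
import re

# Fixed version and release, taken from the advisory's SL7 package list.
FIXED = ("9.2.14", "1.el7_1")
# Binary package names listed in the advisory (postgresql-jdbc etc. are separate).
ADVISORY_PKGS = {"postgresql"} | {"postgresql-" + s for s in (
    "devel docs debuginfo libs plperl test pltcl server contrib upgrade plpython"
).split()}

def rpmvercmp(a, b):
    """Segment-wise compare in the style of RPM; returns -1, 0 or 1."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # 7 < 14, unlike a string compare
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def parse_nvra(line):
    """Split 'name-version-release.arch' as printed by `rpm -qa`."""
    nvr, arch = line.strip().rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def needs_update(lines):
    """Return the advisory packages that are older than the fixed build."""
    stale = []
    for line in lines:
        if not line.strip():
            continue
        name, ver, rel, _ = parse_nvra(line)
        if name not in ADVISORY_PKGS:
            continue
        if (rpmvercmp(ver, FIXED[0]) or rpmvercmp(rel, FIXED[1])) < 0:
            stale.append(line.strip())
    return stale

# Constructed sample of `rpm -qa 'postgresql*'` output, not from a real host.
SAMPLE = """postgresql-9.2.13-1.el7_1.x86_64
postgresql-libs-9.2.14-1.el7_1.x86_64
postgresql-server-9.2.7-1.el7.x86_64
postgresql-jdbc-9.2.1002-5.el7.noarch
postgresql-contrib-9.2.14-1.el7_1.x86_64""".splitlines()

if __name__ == "__main__":
    for pkg in needs_update(SAMPLE):
        print("needs update:", pkg)
```

On a real host, feed the function the lines printed by `rpm -qa 'postgresql*'` instead of SAMPLE.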