Upstream has released new versions on February 11:
http://www.postgresql.org/about/news/1644/

Ubuntu has issued an advisory for this on February 11:
http://www.ubuntu.com/usn/usn-2894-1/
Whiteboard: (none) => MGA5TOO
Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)
Updated packages uploaded by Oden.

Advisory:
========================

Updated postgresql packages fix security vulnerabilities:

PostgreSQL 9.3.x before 9.3.11 and 9.4.x before 9.4.6 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors (CVE-2016-0766).

PostgreSQL 9.3.x before 9.3.11 and 9.4.x before 9.4.6 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression (CVE-2016-0773).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0773
http://www.ubuntu.com/usn/usn-2894-1/
========================

Updated packages in core/updates_testing:
========================
postgresql9.3-9.3.11-1.mga5
libpq9.3_5.6-9.3.11-1.mga5
libecpg9.3_6-9.3.11-1.mga5
postgresql9.3-server-9.3.11-1.mga5
postgresql9.3-docs-9.3.11-1.mga5
postgresql9.3-contrib-9.3.11-1.mga5
postgresql9.3-devel-9.3.11-1.mga5
postgresql9.3-pl-9.3.11-1.mga5
postgresql9.3-plpython-9.3.11-1.mga5
postgresql9.3-plperl-9.3.11-1.mga5
postgresql9.3-pltcl-9.3.11-1.mga5
postgresql9.3-plpgsql-9.3.11-1.mga5
postgresql9.4-9.4.6-1.mga5
libpq5-9.4.6-1.mga5
libecpg9.4_6-9.4.6-1.mga5
postgresql9.4-server-9.4.6-1.mga5
postgresql9.4-docs-9.4.6-1.mga5
postgresql9.4-contrib-9.4.6-1.mga5
postgresql9.4-devel-9.4.6-1.mga5
postgresql9.4-pl-9.4.6-1.mga5
postgresql9.4-plpython-9.4.6-1.mga5
postgresql9.4-plperl-9.4.6-1.mga5
postgresql9.4-pltcl-9.4.6-1.mga5
postgresql9.4-plpgsql-9.4.6-1.mga5

from SRPMS:
postgresql9.3-9.3.11-1.mga5.src.rpm
postgresql9.4-9.4.6-1.mga5.src.rpm
Assignee: cjw => qa-bugs
Advisory uploaded. Procedure: https://bugs.mageia.org/show_bug.cgi?id=8997#c1
Whiteboard: (none) => has_procedure advisory
Testing M5 x64

For starters, note that the so-called 'test procedure' link above is essentially a single text file 'world.sql' containing a large amount of data interspersed with the necessary SQL commands to create 3 tables (city, country, countrylanguage) & populate them.

I set it up from Postgres itself:
 $ psql -U postgres
 [asks for Postgres password]
 postgres=#

Open the 'world.sql' file in a graphical text editor, and carefully use X copy/paste (mouse drag to select, middle-button click to paste) into the terminal window postgres prompt to execute each SQL command in turn, likewise for the interspersed data - some of which is vast. But it works. The 3 tables are created in the hierarchy:-
 postgres - schemas - public - tables

Once you have done that, it is up to you to invent SQL to play with it. I used Phppgadmin to view the tables and show their structure; also to launch very basic searches, both templated & raw. Worth brushing up your SQL!

In addition, I summarily used Bugzilla, Drupal, MediaWiki all with PostgreSQL on my system.

I have an unfortunate mixture, mostly 9.3, of Postgres versions. After the update they were:
 lib64ecpg9.3_6-9.3.11-1.mga5
 lib64pq5-9.4.6-1.mga5
 lib64pq9.3_5.6-9.3.11-1.mga5
 postgresql9.3-9.3.11-1.mga5
 postgresql-jdbc-9.4.1200-1.mga5
 postgresql9.3-server-9.3.11-1.mga5
 postgresql9.3-plpgsql-9.3.11-1.mga5
 postgresql9.3-devel-9.3.11-1.mga5

No apparent problems, so OK.
CC: (none) => lewyssmith
Whiteboard: has_procedure advisory => has_procedure advisory MGA5-64-OK
MGA5-64 on Lenovo B50 KDE. Chose 9.3 packages plus phppgadmin, no installation issues. I could run the server, create a user, make this one the owner of a new database and create a table in it. So OK for that version.
CC: (none) => herman.viaene
MGA5-64 on Lenovo B50 KDE. Removed 9.3 and tried to install the 9.4, went OK after deleting the old database. I could run the server, create a user, make this one the owner of a new database and create a table in it. So OK for that version.
Well done guys. Validating.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0085.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED