SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 2276)

This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

The PostgreSQL SQL server has been updated to fix the following
security problems :

- backend/parser/analyze.c in PostgreSQL 8.1.x allowed
remote authenticated users to cause a denial of service
(daemon crash) via certain aggregate functions in an
UPDATE statement, which are not properly handled during
a 'MIN/MAX index optimization.' (CVE-2006-5540)

- backend/parser/parse_coerce.c in PostgreSQL 7.4.1
through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before
8.1.5 allows remote authenticated users to cause a
denial of service (daemon crash) via a coercion of an
unknown element to ANYARRAY. (CVE-2006-5541)

- backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5
allows remote authenticated users to cause a denial of
service (daemon crash) related to duration logging of
V3-protocol Execute messages for (1) COMMIT and (2)
ROLLBACK SQL statements. (CVE-2006-5542)

See also :

http://support.novell.com/security/cve/CVE-2006-5540.html
http://support.novell.com/security/cve/CVE-2006-5541.html
http://support.novell.com/security/cve/CVE-2006-5542.html

Solution :

Apply ZYPP patch number 2276.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 29557

CVE ID: CVE-2006-5540
CVE-2006-5541
CVE-2006-5542