This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.
The remote SuSE 10 host is missing a security-related patch.
This update of postgresql fixes several minor security
- Postgresql does not properly check privileges during
certain RESET ALL operations, which allows remote
authenticated users to remove arbitrary parameter
- The PL/Tcl implementation in postgresql loads Tcl code
from the pltcl_modules table regardless of the table's
ownership and permissions, which allows remote
authenticated users with database creation privileges to
execute arbitrary Tcl code. (CVE-2010-1170)
- Postgresql does not properly restrict PL/perl
procedures, which allows remote authenticated users with
database creation privileges to execute arbitrary Perl
code via a crafted script. (CVE-2010-1169)
- An integer overflow in postgresql allows remote
authenticated users to crash the daemon with a SELECT
See also :
Apply ZYPP patch number 7053.
Risk factor :
High / CVSS Base Score : 8.5