openSUSE Security Update : postgresql92 (openSUSE-SU-2014:0345-1)

medium Nessus Plugin ID 75281

Synopsis

The remote openSUSE host is missing a security update.

Description

The PostgreSQL database was updated to the security and bugfix release 9.2.7, which following fixes :

- Shore up GRANT ... WITH ADMIN OPTION restrictions (CVE-2014-0060, bnc#864845)

- Prevent privilege escalation via manual calls to PL validator functions (CVE-2014-0061, bnc#864846)

- Avoid multiple name lookups during table and index DDL (CVE-2014-0062, bnc#864847)

- Prevent buffer overrun with long datetime strings (CVE-2014-0063, bnc#864850)

- Prevent buffer overrun due to integer overflow in size calculations (CVE-2014-0064, bnc#864851)

- Prevent overruns of fixed-size buffers (CVE-2014-0065, bnc#864852)

- Avoid crashing if crypt() returns NULL (CVE-2014-0066, bnc#864853)

- Document risks of make check in the regression testing instructions (CVE-2014-0067)

- For the other (many!) bug fixes, see the release notes:
http://www.postgresql.org/docs/9.3/static/release-9-2-7.
html

Solution

Update the affected postgresql92 packages.

See Also

https://www.postgresql.org/docs/9.3/release-9-2-7.html

https://bugzilla.novell.com/show_bug.cgi?id=864845

https://bugzilla.novell.com/show_bug.cgi?id=864846

https://bugzilla.novell.com/show_bug.cgi?id=864847

https://bugzilla.novell.com/show_bug.cgi?id=864850

https://bugzilla.novell.com/show_bug.cgi?id=864851

https://bugzilla.novell.com/show_bug.cgi?id=864852

https://bugzilla.novell.com/show_bug.cgi?id=864853

https://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html

Plugin Details

Severity: Medium

ID: 75281

File Name: openSUSE-2014-192.nasl

Version: 1.8

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libecpg6, p-cpe:/a:novell:opensuse:libecpg6-32bit, p-cpe:/a:novell:opensuse:libecpg6-debuginfo, p-cpe:/a:novell:opensuse:libecpg6-debuginfo-32bit, p-cpe:/a:novell:opensuse:libpq5, p-cpe:/a:novell:opensuse:libpq5-32bit, p-cpe:/a:novell:opensuse:libpq5-debuginfo, p-cpe:/a:novell:opensuse:libpq5-debuginfo-32bit, p-cpe:/a:novell:opensuse:postgresql92, p-cpe:/a:novell:opensuse:postgresql92-contrib, p-cpe:/a:novell:opensuse:postgresql92-contrib-debuginfo, p-cpe:/a:novell:opensuse:postgresql92-debuginfo, p-cpe:/a:novell:opensuse:postgresql92-debugsource, p-cpe:/a:novell:opensuse:postgresql92-devel, p-cpe:/a:novell:opensuse:postgresql92-devel-debuginfo, p-cpe:/a:novell:opensuse:postgresql92-libs-debugsource, p-cpe:/a:novell:opensuse:postgresql92-plperl, p-cpe:/a:novell:opensuse:postgresql92-plperl-debuginfo, p-cpe:/a:novell:opensuse:postgresql92-plpython, p-cpe:/a:novell:opensuse:postgresql92-plpython-debuginfo, p-cpe:/a:novell:opensuse:postgresql92-pltcl, p-cpe:/a:novell:opensuse:postgresql92-pltcl-debuginfo, p-cpe:/a:novell:opensuse:postgresql92-server, p-cpe:/a:novell:opensuse:postgresql92-server-debuginfo, cpe:/o:novell:opensuse:12.3, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2/28/2014

Reference Information

CVE: CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, CVE-2014-0067