SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 2276)
Medium Nessus Plugin ID 29557
SynopsisThe remote SuSE 10 host is missing a security-related patch.
DescriptionThe SQL Server PostgreSQL has been updated to fix the following security problems :
- backend/parser/analyze.c in PostgreSQL 8.1.x allowed remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a 'MIN/MAX index optimization.'. (CVE-2006-5540)
- backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via a coercion of an unknown element to ANYARRAY. (CVE-2006-5541)
- backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) related to duration logging of V3-protocol Execute messages for (1) COMMIT and (2) ROLLBACK SQL statements. (CVE-2006-5542)
SolutionApply ZYPP patch number 2276.