SuSE 10 Security Update : postgresql (ZYPP Patch Number 7053)
High Nessus Plugin ID 49921
SynopsisThe remote SuSE 10 host is missing a security-related patch.
DescriptionThis update of postgresql fixes several minor security vulnerabilities :
- Postgresql does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings. (CVE-2010-1975)
- The PL/Tcl implementation in postgresql loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users with database creation privileges to execute arbitrary Tcl code. (CVE-2010-1170)
- Postgresql does not properly restrict PL/perl procedures, which allows remote authenticated users with database creation privileges to execute arbitrary Perl code via a crafted script. (CVE-2010-1169)
- An integer overflow in postgresql allows remote authenticated users to crash the daemon with a SELECT statement. (CVE-2010-0733)
SolutionApply ZYPP patch number 7053.