openSUSE Security Update : postgresql (openSUSE-SU-2012:1299-1)

Medium Nessus Plugin ID 74773

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 4

Synopsis

The remote openSUSE host is missing a security update.

Description

This version upgrade of PostgreSQL fixes following issues :

- Bugfix release 9.0.10 :

- Fix planner's assignment of executor parameters, and fix executor's rescan logic for CTE plan nodes.

- Improve page-splitting decisions in GiST indexes.

- Fix cascading privilege revoke to stop if privileges are still held.

- Improve error messages for Hot Standby misconfiguration errors.

- Fix handling of SIGFPE when PL/Perl is in use.

- Prevent PL/Perl from crashing if a recursive PL/Perl function is redefined while being executed.

- Work around possible misoptimization in PL/Perl.

- See also:
http://www.postgresql.org/docs/9.0/static/release.html

- Security and bugfix release 9.0.9 :

- Prevent access to external files/URLs via contrib/xml2 (CVE-2012-3488, bnc#776523).

- Prevent access to external files/URLs via XML entity references (CVE-2012-3489, bnc#776524).

- Fix incorrect password transformation in contrib/pgcrypto (CVE-2012-2143, bnc#766799).

- Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler (CVE-2012-2655, bnc#765069).

- See also:
http://www.postgresql.org/docs/9.0/static/release.html

- Rename postgresql-mkspecfiles to pre_checkin.sh

Solution

Update the affected postgresql packages.

See Also

https://www.postgresql.org/docs/9.0/release.html

https://bugzilla.novell.com/show_bug.cgi?id=765069

https://bugzilla.novell.com/show_bug.cgi?id=766799

https://bugzilla.novell.com/show_bug.cgi?id=776523

https://bugzilla.novell.com/show_bug.cgi?id=776524

https://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html

Plugin Details

Severity: Medium

ID: 74773

File Name: openSUSE-2012-675.nasl

Version: 1.4

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 4

CVSS v2.0

Base Score: 4.9

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libecpg6, p-cpe:/a:novell:opensuse:libecpg6-debuginfo, p-cpe:/a:novell:opensuse:libpq5, p-cpe:/a:novell:opensuse:libpq5-32bit, p-cpe:/a:novell:opensuse:libpq5-debuginfo, p-cpe:/a:novell:opensuse:libpq5-debuginfo-32bit, p-cpe:/a:novell:opensuse:postgresql, p-cpe:/a:novell:opensuse:postgresql-contrib, p-cpe:/a:novell:opensuse:postgresql-contrib-debuginfo, p-cpe:/a:novell:opensuse:postgresql-debuginfo, p-cpe:/a:novell:opensuse:postgresql-debugsource, p-cpe:/a:novell:opensuse:postgresql-devel, p-cpe:/a:novell:opensuse:postgresql-devel-debuginfo, p-cpe:/a:novell:opensuse:postgresql-libs-debugsource, p-cpe:/a:novell:opensuse:postgresql-plperl, p-cpe:/a:novell:opensuse:postgresql-plperl-debuginfo, p-cpe:/a:novell:opensuse:postgresql-plpython, p-cpe:/a:novell:opensuse:postgresql-plpython-debuginfo, p-cpe:/a:novell:opensuse:postgresql-pltcl, p-cpe:/a:novell:opensuse:postgresql-pltcl-debuginfo, p-cpe:/a:novell:opensuse:postgresql-server, p-cpe:/a:novell:opensuse:postgresql-server-debuginfo, cpe:/o:novell:opensuse:11.4

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2012/09/26

Reference Information

CVE: CVE-2012-2143, CVE-2012-2655, CVE-2012-3488, CVE-2012-3489