openSUSE Security Update : postgresql (openSUSE-SU-2012:1299-1)

medium Nessus Plugin ID 74773
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote openSUSE host is missing a security update.

Description

This version upgrade of PostgreSQL fixes following issues :

- Bugfix release 9.0.10 :

- Fix planner's assignment of executor parameters, and fix executor's rescan logic for CTE plan nodes.

- Improve page-splitting decisions in GiST indexes.

- Fix cascading privilege revoke to stop if privileges are still held.

- Improve error messages for Hot Standby misconfiguration errors.

- Fix handling of SIGFPE when PL/Perl is in use.

- Prevent PL/Perl from crashing if a recursive PL/Perl function is redefined while being executed.

- Work around possible misoptimization in PL/Perl.

- See also:
http://www.postgresql.org/docs/9.0/static/release.html

- Security and bugfix release 9.0.9 :

- Prevent access to external files/URLs via contrib/xml2 (CVE-2012-3488, bnc#776523).

- Prevent access to external files/URLs via XML entity references (CVE-2012-3489, bnc#776524).

- Fix incorrect password transformation in contrib/pgcrypto (CVE-2012-2143, bnc#766799).

- Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler (CVE-2012-2655, bnc#765069).

- See also:
http://www.postgresql.org/docs/9.0/static/release.html

- Rename postgresql-mkspecfiles to pre_checkin.sh

Solution

Update the affected postgresql packages.

See Also

https://www.postgresql.org/docs/9.0/release.html

https://bugzilla.novell.com/show_bug.cgi?id=765069

https://bugzilla.novell.com/show_bug.cgi?id=766799

https://bugzilla.novell.com/show_bug.cgi?id=776523

https://bugzilla.novell.com/show_bug.cgi?id=776524

https://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html

Plugin Details

Severity: Medium

ID: 74773

File Name: openSUSE-2012-675.nasl

Version: 1.5

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 4

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libecpg6, p-cpe:/a:novell:opensuse:libecpg6-debuginfo, p-cpe:/a:novell:opensuse:libpq5, p-cpe:/a:novell:opensuse:libpq5-32bit, p-cpe:/a:novell:opensuse:libpq5-debuginfo, p-cpe:/a:novell:opensuse:libpq5-debuginfo-32bit, p-cpe:/a:novell:opensuse:postgresql, p-cpe:/a:novell:opensuse:postgresql-contrib, p-cpe:/a:novell:opensuse:postgresql-contrib-debuginfo, p-cpe:/a:novell:opensuse:postgresql-debuginfo, p-cpe:/a:novell:opensuse:postgresql-debugsource, p-cpe:/a:novell:opensuse:postgresql-devel, p-cpe:/a:novell:opensuse:postgresql-devel-debuginfo, p-cpe:/a:novell:opensuse:postgresql-libs-debugsource, p-cpe:/a:novell:opensuse:postgresql-plperl, p-cpe:/a:novell:opensuse:postgresql-plperl-debuginfo, p-cpe:/a:novell:opensuse:postgresql-plpython, p-cpe:/a:novell:opensuse:postgresql-plpython-debuginfo, p-cpe:/a:novell:opensuse:postgresql-pltcl, p-cpe:/a:novell:opensuse:postgresql-pltcl-debuginfo, p-cpe:/a:novell:opensuse:postgresql-server, p-cpe:/a:novell:opensuse:postgresql-server-debuginfo, cpe:/o:novell:opensuse:11.4

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 9/26/2012

Reference Information

CVE: CVE-2012-2143, CVE-2012-2655, CVE-2012-3488, CVE-2012-3489