New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 4
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis version upgrade of PostgreSQL fixes following issues :
- Bugfix release 9.0.10 :
- Fix planner's assignment of executor parameters, and fix executor's rescan logic for CTE plan nodes.
- Improve page-splitting decisions in GiST indexes.
- Fix cascading privilege revoke to stop if privileges are still held.
- Improve error messages for Hot Standby misconfiguration errors.
- Fix handling of SIGFPE when PL/Perl is in use.
- Prevent PL/Perl from crashing if a recursive PL/Perl function is redefined while being executed.
- Work around possible misoptimization in PL/Perl.
- See also:
- Security and bugfix release 9.0.9 :
- Prevent access to external files/URLs via contrib/xml2 (CVE-2012-3488, bnc#776523).
- Prevent access to external files/URLs via XML entity references (CVE-2012-3489, bnc#776524).
- Fix incorrect password transformation in contrib/pgcrypto (CVE-2012-2143, bnc#766799).
- Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler (CVE-2012-2655, bnc#765069).
- See also:
- Rename postgresql-mkspecfiles to pre_checkin.sh
SolutionUpdate the affected postgresql packages.