SuseOPENSUSE-SU-2013:0627-1

HistoryApr 05, 2013 - 10:04 a.m.

postgresql91 to version 9.1.9. (important)

2013-04-0510:04:26

lists.opensuse.org

0.972 High

EPSS

Percentile

99.8%

JSON

postgresql was updated to version 9.1.9 (bnc#812525):

CVE-2013-1899: Fix insecure parsing of server
command-line switches. A connection request containing
a database name that begins with "-" could be crafted
to damage or destroy files within the server’s data
directory, even if the request is eventually rejected.
CVE-2013-1900: Reset OpenSSL randomness state in each
postmaster child process. This avoids a scenario
wherein random numbers generated by "contrib/pgcrypto"
functions might be relatively easy for another database
user to guess. The risk is only significant when the
postmaster is configured with ssl = on but most
connections don’t use SSL encryption.
CVE-2013-1901: Make REPLICATION privilege checks test
current user not authenticated user. An unprivileged
database user could exploit this mistake to call
pg_start_backup() or pg_stop_backup(), thus possibly
interfering with creation of routine backups.
See the release notes for the rest of the changes:
<a href=“http://www.postgresql.org/docs/9.1/static/release-9-1-9.html”>http://www.postgresql.org/docs/9.1/static/release-9-1-9.html</a>
/usr/share/doc/packages/postgresql91/HISTORY

OSVersionArchitecturePackageVersionFilename
openSUSE12.2i586postgresql91-devel-debuginfo< 9.1.9-20.1postgresql91-devel-debuginfo-9.1.9-20.1.i586.rpm
openSUSE12.2x86_64libecpg6-debuginfo-32bit< 9.1.9-20.1libecpg6-debuginfo-32bit-9.1.9-20.1.x86_64.rpm
openSUSE12.2i586postgresql91-pltcl< 9.1.9-20.1postgresql91-pltcl-9.1.9-20.1.i586.rpm
openSUSE12.1x86_64postgresql91-devel< 9.1.9-25.1postgresql91-devel-9.1.9-25.1.x86_64.rpm
openSUSE12.1x86_64postgresql91-libs-debugsource< 9.1.9-25.1postgresql91-libs-debugsource-9.1.9-25.1.x86_64.rpm
openSUSE12.2x86_64postgresql91-libs-debugsource< 9.1.9-20.1postgresql91-libs-debugsource-9.1.9-20.1.x86_64.rpm
openSUSE12.1x86_64libecpg6-debuginfo-32bit< 9.1.9-25.1libecpg6-debuginfo-32bit-9.1.9-25.1.x86_64.rpm
openSUSE12.1i586postgresql91-contrib< 9.1.9-25.1postgresql91-contrib-9.1.9-25.1.i586.rpm
openSUSE12.2x86_64postgresql91-devel< 9.1.9-20.1postgresql91-devel-9.1.9-20.1.x86_64.rpm
openSUSE12.1ia64postgresql91-devel-debuginfo-x86< 9.1.9-25.1postgresql91-devel-debuginfo-x86-9.1.9-25.1.ia64.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	12.2	i586	postgresql91-devel-debuginfo	< 9.1.9-20.1	postgresql91-devel-debuginfo-9.1.9-20.1.i586.rpm
openSUSE	12.2	x86_64	libecpg6-debuginfo-32bit	< 9.1.9-20.1	libecpg6-debuginfo-32bit-9.1.9-20.1.x86_64.rpm
openSUSE	12.2	i586	postgresql91-pltcl	< 9.1.9-20.1	postgresql91-pltcl-9.1.9-20.1.i586.rpm
openSUSE	12.1	x86_64	postgresql91-devel	< 9.1.9-25.1	postgresql91-devel-9.1.9-25.1.x86_64.rpm
openSUSE	12.1	x86_64	postgresql91-libs-debugsource	< 9.1.9-25.1	postgresql91-libs-debugsource-9.1.9-25.1.x86_64.rpm
openSUSE	12.2	x86_64	postgresql91-libs-debugsource	< 9.1.9-20.1	postgresql91-libs-debugsource-9.1.9-20.1.x86_64.rpm
openSUSE	12.1	x86_64	libecpg6-debuginfo-32bit	< 9.1.9-25.1	libecpg6-debuginfo-32bit-9.1.9-25.1.x86_64.rpm
openSUSE	12.1	i586	postgresql91-contrib	< 9.1.9-25.1	postgresql91-contrib-9.1.9-25.1.i586.rpm
openSUSE	12.2	x86_64	postgresql91-devel	< 9.1.9-20.1	postgresql91-devel-9.1.9-20.1.x86_64.rpm
openSUSE	12.1	ia64	postgresql91-devel-debuginfo-x86	< 9.1.9-25.1	postgresql91-devel-debuginfo-x86-9.1.9-25.1.ia64.rpm

Rows per page:

1-10 of 991

References

bugzilla.novell.com/812525

postgresql91 to version 9.1.9. (important)

References

Related