
security update for patchinfo.openSUS...

update for postgresql
This update was submitted by Ludwig Nussel (lnussel) and rated as low
Description:
- Security and bugfix release 9.1.3:
  * Require execute permission on the trigger function for "CREATE
    TRIGGER" (CVE-2012-0866, bnc#749299).
  * Remove arbitrary limitation on length of common name in SSL
    certificates (CVE-2012-0867, bnc#749301).
  * Convert newlines to spaces in names written in pg_dump
    comments (CVE-2012-0868, bnc#749303).

See the release notes for the rest of the changes:
http://www.postgresql.org/docs/9.1/static/release-9-1-3.html
/usr/share/doc/packages/postgresql/HISTORY
Fixed bugs:
  • 749299#bnc: postgresql: Absent permission checks on trigger function to be called when creating a trigger
  • 749303#bnc: postgresql: SQL injection due unsanitized newline characters in object names
  • 749301#bnc: postgresql: MITM due improper x509_v3 CN validation during certificate verification
  • 701489#bnc: postgresql-contrib: crypt_blowfish: 8-bit character mishandling
  • CVE-2012-0866#cve: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
  • CVE-2012-0867#cve: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
  • CVE-2012-0868#cve: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
  • CVE-2011-2483#cve: crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by
Required actions:
  • Relogin suggested:
  • Reboot suggested:
  • Package-manager restart: