A new user interface for you! Read more...

Update for patchinfo.openSUSE_11.4, postgresql-l... security low

update for postgresql

- Security and bugfix release 9.1.3:
* Require execute permission on the trigger function for "CREATE
TRIGGER" (CVE-2012-0866, bnc#749299).
* Remove arbitrary limitation on length of common name in SSL
certificates (CVE-2012-0867, bnc#749301).
* Convert newlines to spaces in names written in pg_dump
comments (CVE-2012-0868, bnc#749303).

See the release notes for the rest of the changes:
http://www.postgresql.org/docs/9.1/static/release-9-1-3.html
/usr/share/doc/packages/postgresql/HISTORY

Fixed bugs
bnc#749299 postgresql: Absent permission checks on trigger function to be called when creating a trigger
bnc#749303 postgresql: SQL injection due unsanitized newline characters in object names
bnc#749301 postgresql: MITM due improper x509_v3 CN validation during certificate verification
bnc#701489 postgresql-contrib: crypt_blowfish: 8-bit character mishandling
CVE-CVE-2012-0866 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-CVE-2012-0867 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-CVE-2012-0868 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-CVE-2011-2483 crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by
Selected Binaries