Overview Details Repositories Revisions Requests Users Attributes Meta
security update for postgresql, postgresql-libs

- Security and bugfix release 9.1.5:
* Ignore SECURITY DEFINER and SET attributes for a procedural
language's call handler (CVE-2012-2655) bnc#765069
* Fix incorrect password transformation in "contrib/pgcrypto"'s DES
crypt() function (CVE-2012-2143) bnc#766799
* Prevent access to external files/URLs via "contrib/xml2"'s
xslt_process() (CVE-2012-3488) bnc#776523
* Prevent access to external files/URLs via XML entity references
(CVE-2012-3489) bnc#776524
* See the release notes for the rest of the changes:
http://www.postgresql.org/docs/9.1/static/release.html
/usr/share/doc/packages/postgresql/HISTORY

Fixed bugs
bnc#776523
postgresql: arbitrary read + write of files via XSL functionality
bnc#776524
postgresql: determination of the existence of files
bnc#766797
postgresql: BSD crypt 8bit character mishandling
bnc#765069
postgresql: denial of service (stack exhaustion) via specially-crafted SQL
CVE-CVE-2012-3489
CVE-CVE-2012-3488
CVE-CVE-2012-2655
CVE-CVE-2012-2143
Selected Binaries
openSUSE Build Service is sponsored by
Places