LogoopenSUSE Build Service > Projects
Sign Up | Log In

security update for postgresql-libs.o...

security update for postgresql, postgresql-libs
This update was submitted from Paul Zawila-Niedzwiecki Paul Zawila-Niedzwiecki (zawel1) and rated as moderate
Description:

- Security and bugfix release 9.1.5:
  * Ignore SECURITY DEFINER and SET attributes for a procedural
    language's call handler (CVE-2012-2655) bnc#765069
  * Fix incorrect password transformation in "contrib/pgcrypto"'s DES
    crypt() function (CVE-2012-2143) bnc#766799
  * Prevent access to external files/URLs via "contrib/xml2"'s
    xslt_process() (CVE-2012-3488) bnc#776523
  * Prevent access to external files/URLs via XML entity references
    (CVE-2012-3489) bnc#776524
  * See the release notes for the rest of the changes:
    http://www.postgresql.org/docs/9.1/static/release.html
    /usr/share/doc/packages/postgresql/HISTORY
  
Fixed bugs:
Required actions:
  • Relogin suggested:
  • Reboot suggested:
  • Package-manager restart: