Overview

File _patchinfo of Package patchinfo.2612

<patchinfo>
  <issue id="864845" tracker="bnc">VUL-0: CVE-2014-0060: postgresql: SET ROLE without ADMIN OPTION allows adding and removing group</issue>
  <issue id="864846" tracker="bnc">VUL-0: CVE-2014-0061: postgresql: privilege escalation via procedural language validator functions</issue>
  <issue id="864847" tracker="bnc">VUL-0: CVE-2014-0062: postgresql: CREATE INDEX race condition possibly leading to privilege escalation</issue>
  <issue id="864850" tracker="bnc">VUL-0: CVE-2014-0063: postgresql: stack-based buffer overflow in datetime input/output</issue>
  <issue id="864851" tracker="bnc">VUL-0: CVE-2014-0064: postgresql: integer overflows leading to buffer overflows</issue>
  <issue id="864852" tracker="bnc">VUL-0: CVE-2014-0065: postgresql: possible buffer overflow flaws</issue>
  <issue id="864853" tracker="bnc">VUL-0: CVE-2014-0066: postgresql: NULL pointer dereference</issue>
  <issue id="CVE-2014-0060" tracker="cve" />
  <issue id="CVE-2014-0061" tracker="cve" />
  <issue id="CVE-2014-0062" tracker="cve" />
  <issue id="CVE-2014-0063" tracker="cve" />
  <issue id="CVE-2014-0064" tracker="cve" />
  <issue id="CVE-2014-0065" tracker="cve" />
  <issue id="CVE-2014-0066" tracker="cve" />
  <issue id="CVE-2014-0067" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>rmax</packager>
  <description>
The PostgreSQL database was updated to the security and bugfix release
9.2.7, which following fixes:

* Shore up GRANT ... WITH ADMIN OPTION restrictions
  (CVE-2014-0060, bnc#864845)
* Prevent privilege escalation via manual calls to PL validator
  functions (CVE-2014-0061, bnc#864846)
* Avoid multiple name lookups during table and index DDL
  (CVE-2014-0062, bnc#864847)
* Prevent buffer overrun with long datetime strings
  (CVE-2014-0063, bnc#864850)
* Prevent buffer overrun due to integer overflow in size
  calculations (CVE-2014-0064, bnc#864851)
* Prevent overruns of fixed-size buffers (CVE-2014-0065,
  bnc#864852)
* Avoid crashing if crypt() returns NULL (CVE-2014-0066,
  bnc#864853)
* Document risks of make check in the regression testing
  instructions (CVE-2014-0067)
* For the other (many!) bug fixes, see the release notes:
  http://www.postgresql.org/docs/9.3/static/release-9-2-7.html
</description>
  <summary>postgresql92: update to 9.2.7 security release</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places