https://bugzilla.novell.com/show_bug.cgi?id=803057 https://bugzilla.novell.com/show_bug.cgi?id=803057#c0 Summary: PostgreSQL 9.2.3, 9.1.8, 9.0.12, 8.4.16 and 8.3.23 released Classification: openSUSE Product: openSUSE 12.2 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: lijewski.stefan@zabka.pl QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0
From postgresql.org:
The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.3, 9.1.8, 9.0.12, 8.4.16, and 8.3.23. This update fixes a denial-of-service (DOS) vulnerability. All users should update their PostgreSQL installations as soon as possible. The security issue fixed in this release, CVE-2013-0255, allows a previously authenticated user to crash the server by calling an internal function with invalid arguments. This issue was discovered by independent security researcher Sumit Soni this week and reported via Secunia SVCRP, and we are grateful for their efforts in making PostgreSQL more secure. Today's update also fixes a performance regression which caused a decrease in throughput when using dynamic queries in stored procedures in version 9.2. Applications which use PL/pgSQL's EXECUTE are strongly affected by this regression and should be updated. Additionally, we have fixed intermittent crashes caused by CREATE/DROP INDEX CONCURRENTLY, and multiple minor issues with replication. Reproducible: Always -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.