https://bugzilla.novell.com/show_bug.cgi?id=803057
https://bugzilla.novell.com/show_bug.cgi?id=803057#c0
Summary: PostgreSQL 9.2.3, 9.1.8, 9.0.12, 8.4.16 and 8.3.23 released
Classification: openSUSE
Product: openSUSE 12.2
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: security-team@suse.de
ReportedBy: lijewski.stefan@zabka.pl
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0
From postgresql.org:
The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.3, 9.1.8, 9.0.12, 8.4.16, and 8.3.23. This update fixes a denial-of-service (DOS) vulnerability. All users should update their PostgreSQL installations as soon as possible.
The security issue fixed in this release, CVE-2013-0255, allows a previously authenticated user to crash the server by calling an internal function with invalid arguments. This issue was discovered by independent security researcher Sumit Soni this week and reported via Secunia SVCRP, and we are grateful for their efforts in making PostgreSQL more secure.
Today's update also fixes a performance regression which caused a decrease in throughput when using dynamic queries in stored procedures in version 9.2. Applications which use PL/pgSQL's EXECUTE are strongly affected by this regression and should be updated. Additionally, we have fixed intermittent crashes caused by CREATE/DROP INDEX CONCURRENTLY, and multiple minor issues with replication.
Reproducible: Always
https://bugzilla.novell.com/show_bug.cgi?id=803057#c1
--- Comment #1 from Bernhard Wiedemann bwiedemann@suse.com 2013-02-12 08:00:08 CET ---
This is an autogenerated message for OBS integration:
This bug (803057) was mentioned in
https://build.opensuse.org/request/show/155175 Evergreen:11.2 / postgresql
https://bugzilla.novell.com/show_bug.cgi?id=803057#c2
Marcus Meissner meissner@suse.com changed:
What        |Removed     |Added
----------------------------------------------------------------------------
CC          |            |meissner@suse.com
Alias       |            |`
--- Comment #2 from Marcus Meissner meissner@suse.com 2013-02-12 08:18:50 UTC ---
dup of 802679 basically, but I leave it open for you :)
https://bugzilla.novell.com/show_bug.cgi?id=803057#c3
Marcus Meissner meissner@suse.com changed:
What        |Removed     |Added
----------------------------------------------------------------------------
Status      |NEW         |RESOLVED
Resolution  |            |DUPLICATE
--- Comment #3 from Marcus Meissner meissner@suse.com 2013-02-12 08:57:32 UTC ---
actually leaving open not necessary I think

*** This bug has been marked as a duplicate of bug 802679 ***
http://bugzilla.novell.com/show_bug.cgi?id=802679
https://bugzilla.novell.com/show_bug.cgi?id=803057#c4
--- Comment #4 from Stefan Lijewski lijewski.stefan@zabka.pl 2013-02-12 09:03:08 UTC ---
I was just attempting to do so :-) The only bug I see here is why bugzilla didn't find the bug using postgres keyword. But I assume it's my fault not using advanced search options. Already correcting bnc in Evergreens submissions.
https://bugzilla.novell.com/show_bug.cgi?id=803057#c5
--- Comment #5 from Swamp Workflow Management swamp@suse.de 2013-02-21 14:04:26 UTC ---
openSUSE-SU-2013:0319-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 803057
CVE References: CVE-2013-0255
Sources used:
openSUSE 11.4 (src): postgresql-9.0.12-27.1, postgresql-libs-9.0.12-27.1
http://bugzilla.novell.com/show_bug.cgi?id=803057
Chandrasekar R chandrasekar@microfocus.com changed:
What        |Removed     |Added
----------------------------------------------------------------------------
Depends on  |            |1103050