openSUSE Security Update: postgresql to 9.1.3 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:1173-1 Rating: moderate References: #701489 #749299 #749301 #749303 Cross-References: CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: Postgresql was updated to the security and bugfix release 9.1.3: * Require execute permission on the trigger function for "CREATE TRIGGER" (CVE-2012-0866, bnc#749299). * Remove arbitrary limitation on length of common name in SSL certificates (CVE-2012-0867, bnc#749301). * Convert newlines to spaces in names written in pg_dump comments (CVE-2012-0868, bnc#749303). * See the release notes for the rest of the changes: http://www.postgresql.org/docs/9.1/static/release.html /usr/share/doc/packages/postgresql/HISTORY - This also fixes bnc#701489. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2012-603 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): libecpg6-9.1.3-7.4.1 libecpg6-debuginfo-9.1.3-7.4.1 libpq5-9.1.3-7.4.1 libpq5-debuginfo-9.1.3-7.4.1 postgresql-9.1.3-7.4.1 postgresql-contrib-9.1.3-7.4.1 postgresql-contrib-debuginfo-9.1.3-7.4.1 postgresql-debuginfo-9.1.3-7.4.1 postgresql-debugsource-9.1.3-7.4.1 postgresql-devel-9.1.3-7.4.1 postgresql-devel-debuginfo-9.1.3-7.4.1 postgresql-libs-debugsource-9.1.3-7.4.1 postgresql-plperl-9.1.3-7.4.1 postgresql-plperl-debuginfo-9.1.3-7.4.1 postgresql-plpython-9.1.3-7.4.1 postgresql-plpython-debuginfo-9.1.3-7.4.1 postgresql-pltcl-9.1.3-7.4.1 postgresql-pltcl-debuginfo-9.1.3-7.4.1 postgresql-server-9.1.3-7.4.1 postgresql-server-debuginfo-9.1.3-7.4.1 - openSUSE 12.2 (x86_64): libpq5-32bit-9.1.3-7.4.1 libpq5-debuginfo-32bit-9.1.3-7.4.1 postgresql-devel-32bit-9.1.3-7.4.1 postgresql-devel-debuginfo-32bit-9.1.3-7.4.1 - openSUSE 12.2 (noarch): postgresql-docs-9.1.3-7.4.1 References: http://support.novell.com/security/cve/CVE-2012-0866.html http://support.novell.com/security/cve/CVE-2012-0867.html http://support.novell.com/security/cve/CVE-2012-0868.html https://bugzilla.novell.com/701489 https://bugzilla.novell.com/749299 https://bugzilla.novell.com/749301 https://bugzilla.novell.com/749303