Mailinglist Archive: opensuse-updates (48 mails)

< Previous Next >
openSUSE-SU-2010:0903-1 (moderate): postgesql security update
  • From: opensuse-security@xxxxxxxxxxxx
  • Date: Wed, 27 Oct 2010 19:08:10 +0200 (CEST)
  • Message-id: <20101027170810.665D0BE4E@xxxxxxxxxxxxxx>
openSUSE Security Update: postgesql security update
______________________________________________________________________________

Announcement ID: openSUSE-SU-2010:0903-1
Rating: moderate
References: #643771
Cross-References: CVE-2010-3433
Affected Products:
openSUSE 11.3
openSUSE 11.2
openSUSE 11.1
______________________________________________________________________________

An update that fixes one vulnerability is now available. It
includes two new package versions.

Description:

PostgreSQL functions implemented in Perl or TCL shared a
global state even across different user user ids. A user
could therefore influence functions of other users in an
unexpected or even malicious way (CVE-2010-3433).


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.3:

zypper in -t patch postgresql-3356

- openSUSE 11.2:

zypper in -t patch postgresql-3356

- openSUSE 11.1:

zypper in -t patch postgresql-3356

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.3 (i586 x86_64) [New Version: 8.4.5]:

postgresql-8.4.5-0.3.1
postgresql-contrib-8.4.5-0.3.1
postgresql-devel-8.4.5-0.3.1
postgresql-libs-8.4.5-0.3.1
postgresql-plperl-8.4.5-0.3.1
postgresql-plpython-8.4.5-0.3.1
postgresql-pltcl-8.4.5-0.3.1
postgresql-server-8.4.5-0.3.1

- openSUSE 11.3 (x86_64) [New Version: 8.4.5]:

postgresql-libs-32bit-8.4.5-0.3.1

- openSUSE 11.3 (noarch) [New Version: 8.4.5]:

postgresql-docs-8.4.5-0.3.1

- openSUSE 11.2 (i586 x86_64) [New Version: 8.4.5]:

postgresql-8.4.5-0.2.1
postgresql-contrib-8.4.5-0.2.1
postgresql-devel-8.4.5-0.2.1
postgresql-docs-8.4.5-0.2.1
postgresql-libs-8.4.5-0.2.1
postgresql-plperl-8.4.5-0.2.1
postgresql-plpython-8.4.5-0.2.1
postgresql-pltcl-8.4.5-0.2.1
postgresql-server-8.4.5-0.2.1

- openSUSE 11.2 (x86_64) [New Version: 8.4.5]:

postgresql-libs-32bit-8.4.5-0.2.1

- openSUSE 11.1 (i586 ppc x86_64) [New Version: 8.3.12]:

postgresql-8.3.12-0.1.2
postgresql-contrib-8.3.12-0.1.2
postgresql-devel-8.3.12-0.1.2
postgresql-docs-8.3.12-0.1.2
postgresql-libs-8.3.12-0.1.2
postgresql-plperl-8.3.12-0.1.2
postgresql-plpython-8.3.12-0.1.2
postgresql-pltcl-8.3.12-0.1.2
postgresql-server-8.3.12-0.1.2

- openSUSE 11.1 (x86_64) [New Version: 8.3.12]:

postgresql-libs-32bit-8.3.12-0.1.2

- openSUSE 11.1 (ppc) [New Version: 8.3.12]:

postgresql-libs-64bit-8.3.12-0.1.2


References:

http://support.novell.com/security/cve/CVE-2010-3433.html
https://bugzilla.novell.com/643771


< Previous Next >
This Thread
  • No further messages