Risks
Advisories
Browse
or
or
SUSE Security Update - PostgreSQL (SUSE-SU-2013:0633-2)
SUSE Security Update: Security update for PostgreSQL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0633-2
Rating:             important
References:         #812525
Cross-References:   CVE-2013-1899 CVE-2013-1900 CVE-2013-1901

Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 for VMware LTSS
                    SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

   An update that fixes three vulnerabilities is now
   available. It includes one version update.

Description:


   This update of PostgreSQL to version 9.1.9 fixes:

   * CVE-2013-1899: Fix insecure parsing of server
   command-line switches.
   * CVE-2013-1900: Reset OpenSSL randomness state in each
   postmaster child process.
   * CVE-2013-1901: Make REPLICATION privilege checks test
   current user not authenticated user.

   Security Issue references:

   * CVE-2013-1899
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899
   >
   * CVE-2013-1900
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900
   >
   * CVE-2013-1901
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS:

      zypper in -t patch slessp1-libecpg6-7601

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-libecpg6-7601

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64) [New Version:
9.1.9]:

      libecpg6-9.1.9-0.3.1
      libpq5-9.1.9-0.3.1
      postgresql91-9.1.9-0.3.1
      postgresql91-contrib-9.1.9-0.3.1
      postgresql91-docs-9.1.9-0.3.1
      postgresql91-server-9.1.9-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (x86_64) [New Version:
9.1.9]:

      libpq5-32bit-9.1.9-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version:
9.1.9]:

      libecpg6-9.1.9-0.3.1
      libpq5-9.1.9-0.3.1
      postgresql91-9.1.9-0.3.1
      postgresql91-contrib-9.1.9-0.3.1
      postgresql91-docs-9.1.9-0.3.1
      postgresql91-server-9.1.9-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 9.1.9]:

      libpq5-32bit-9.1.9-0.3.1


References:

   http://support.novell.com/security/cve/CVE-2013-1899.html
   http://support.novell.com/security/cve/CVE-2013-1900.html
   http://support.novell.com/security/cve/CVE-2013-1901.html
   https://bugzilla.novell.com/812525
   http://download.novell.com/patch/finder/?keywords=6a0c9dcd9511dbcaec90c28d67b514e8




Spotlight

Lessons learned developing Lynis, an open source security auditing tool

Posted on 15 October 2014.  |  Lynis unearths vulnerabilities, configuration errors, and provides tips for system hardening. It is written in shell script, installation is not required and can be performed with a privileged or non-privileged account.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Oct 20th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //