Risks
Advisories
Browse
or
or
SUSE Security Update - PostgreSQL (SUSE-SU-2013:0633-2)
SUSE Security Update: Security update for PostgreSQL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0633-2
Rating:             important
References:         #812525
Cross-References:   CVE-2013-1899 CVE-2013-1900 CVE-2013-1901

Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 for VMware LTSS
                    SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

   An update that fixes three vulnerabilities is now
   available. It includes one version update.

Description:


   This update of PostgreSQL to version 9.1.9 fixes:

   * CVE-2013-1899: Fix insecure parsing of server
   command-line switches.
   * CVE-2013-1900: Reset OpenSSL randomness state in each
   postmaster child process.
   * CVE-2013-1901: Make REPLICATION privilege checks test
   current user not authenticated user.

   Security Issue references:

   * CVE-2013-1899
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899
   >
   * CVE-2013-1900
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900
   >
   * CVE-2013-1901
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS:

      zypper in -t patch slessp1-libecpg6-7601

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-libecpg6-7601

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64) [New Version:
9.1.9]:

      libecpg6-9.1.9-0.3.1
      libpq5-9.1.9-0.3.1
      postgresql91-9.1.9-0.3.1
      postgresql91-contrib-9.1.9-0.3.1
      postgresql91-docs-9.1.9-0.3.1
      postgresql91-server-9.1.9-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (x86_64) [New Version:
9.1.9]:

      libpq5-32bit-9.1.9-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version:
9.1.9]:

      libecpg6-9.1.9-0.3.1
      libpq5-9.1.9-0.3.1
      postgresql91-9.1.9-0.3.1
      postgresql91-contrib-9.1.9-0.3.1
      postgresql91-docs-9.1.9-0.3.1
      postgresql91-server-9.1.9-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 9.1.9]:

      libpq5-32bit-9.1.9-0.3.1


References:

   http://support.novell.com/security/cve/CVE-2013-1899.html
   http://support.novell.com/security/cve/CVE-2013-1900.html
   http://support.novell.com/security/cve/CVE-2013-1901.html
   https://bugzilla.novell.com/812525
   http://download.novell.com/patch/finder/?keywords=6a0c9dcd9511dbcaec90c28d67b514e8




Spotlight

Leveraging network intelligence and deep packet inspection

Posted on 26 November 2014.  |  Tomer Saban, CEO of WireX Systems, talks about how deep packet inspection helps with identifying emerging threats, the role of network intelligence, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //