Upstream information

CVE-2006-2313 at MITRE

Description

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection."

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 7.5
Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entry: 177931 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE LINUX 10.1
  • postgresql-server >= 8.1.4-1.2
SUSE LINUX 10.0
  • postgresql >= 8.0.8-0.2
  • postgresql-contrib >= 8.0.8-0.2
  • postgresql-devel >= 8.0.8-0.2
  • postgresql-docs >= 8.0.8-0.2
  • postgresql-libs >= 8.0.8-0.2
  • postgresql-libs-32bit >= 8.0.8-0.2
  • postgresql-libs-64bit >= 8.0.8-0.2
  • postgresql-pl >= 8.0.8-0.2
  • postgresql-server >= 8.0.8-0.2
SUSE LINUX 9.1 for IA32
  • postgresql >= 7.4.13-0.4
  • postgresql-contrib >= 7.4.13-0.4
  • postgresql-devel >= 7.4.13-0.4
  • postgresql-docs >= 7.4.13-0.4
  • postgresql-libs >= 7.4.13-0.4
  • postgresql-pl >= 7.4.13-0.4
  • postgresql-server >= 7.4.13-0.4
SUSE LINUX 9.1 for x86-64
  • postgresql >= 7.4.13-0.4
  • postgresql-contrib >= 7.4.13-0.4
  • postgresql-devel >= 7.4.13-0.4
  • postgresql-docs >= 7.4.13-0.4
  • postgresql-libs >= 7.4.13-0.4
  • postgresql-libs-32bit >= 9.1-200605310116
  • postgresql-pl >= 7.4.13-0.4
  • postgresql-server >= 7.4.13-0.4
SUSE LINUX 9.2
  • postgresql >= 7.4.13-0.2
  • postgresql-contrib >= 7.4.13-0.2
  • postgresql-devel >= 7.4.13-0.2
  • postgresql-docs >= 7.4.13-0.2
  • postgresql-libs >= 7.4.13-0.2
  • postgresql-libs-32bit >= 9.2-200605301412
  • postgresql-pl >= 7.4.13-0.2
  • postgresql-server >= 7.4.13-0.2
SUSE LINUX 9.3
  • postgresql >= 8.0.8-0.2
  • postgresql-contrib >= 8.0.8-0.2
  • postgresql-devel >= 8.0.8-0.2
  • postgresql-docs >= 8.0.8-0.2
  • postgresql-libs >= 8.0.8-0.2
  • postgresql-libs-32bit >= 9.3-7.3
  • postgresql-pl >= 8.0.8-0.2
  • postgresql-server >= 8.0.8-0.2
SUSE LINUX 10.1
  • postgresql >= 8.1.4-1.2
  • postgresql-contrib >= 8.1.4-1.2
  • postgresql-devel >= 8.1.4-1.2
  • postgresql-docs >= 8.1.4-1.2
  • postgresql-libs >= 8.1.4-1.2
  • postgresql-libs-32bit >= 8.1.4-1.2
  • postgresql-libs-64bit >= 8.1.4-1.2
  • postgresql-pl >= 8.1.4-1.2
Novell Linux Desktop 9 for x86
Open Enterprise Server
  • postgresql >= 7.4.13-0.2
  • postgresql-contrib >= 7.4.13-0.2
  • postgresql-devel >= 7.4.13-0.2
  • postgresql-docs >= 7.4.13-0.2
  • postgresql-libs >= 7.4.13-0.2
  • postgresql-pl >= 7.4.13-0.2
  • postgresql-server >= 7.4.13-0.2
Builds
YOU Patch Nr: 11025
Novell Linux Desktop 9 for x86_64
  • postgresql >= 7.4.13-0.2
  • postgresql-contrib >= 7.4.13-0.2
  • postgresql-devel >= 7.4.13-0.2
  • postgresql-docs >= 7.4.13-0.2
  • postgresql-libs >= 7.4.13-0.2
  • postgresql-libs-32bit >= 9-200605291910
  • postgresql-pl >= 7.4.13-0.2
  • postgresql-server >= 7.4.13-0.2
Builds
YOU Patch Nr: 11025