Upstream information

CVE-2013-0255 at MITRE

Description

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.82
Vector AV:N/AC:L/Au:S/C:N/I:N/A:C
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete
SUSE Bugzilla entries: 802679 [RESOLVED / FIXED], 803057 [RESOLVED / DUPLICATE]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP2
  • libecpg6 >= 9.1.8-0.5.1
  • libpq5 >= 9.1.8-0.5.1
  • libpq5-32bit >= 9.1.8-0.5.1
  • postgresql >= 8.3.23-0.4.1
  • postgresql91 >= 9.1.8-0.5.1
Patchnames:
sledsp2-libecpg6
sledsp2-postgresql
SUSE Linux Enterprise Desktop 12
  • libecpg6 >= 9.3.5-2.3
  • libpq5 >= 9.3.5-2.3
  • libpq5-32bit >= 9.3.5-2.3
  • postgresql93 >= 9.3.5-2.24
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libecpg6
SUSE Linux Enterprise Desktop 12 SP1
  • libecpg6 >= 9.4.5-4.1
  • libpq5 >= 9.4.5-4.1
  • libpq5-32bit >= 9.4.5-4.1
  • postgresql94 >= 9.4.5-4.5
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libecpg6
SUSE Linux Enterprise Desktop 12 SP2
  • libecpg6 >= 9.4.9-14.1
  • libpq5 >= 9.4.9-14.1
  • libpq5-32bit >= 9.4.9-14.1
  • postgresql94 >= 9.4.9-14.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libecpg6
SUSE Linux Enterprise Server 11 SP2
  • libecpg6 >= 9.1.8-0.5.1
  • libpq5 >= 9.1.8-0.5.1
  • libpq5-32bit >= 9.1.8-0.5.1
  • libpq5-x86 >= 9.1.9-0.3.1
  • postgresql >= 8.3.23-0.4.1
  • postgresql-contrib >= 8.3.23-0.4.1
  • postgresql-docs >= 8.3.23-0.4.1
  • postgresql-server >= 8.3.23-0.4.1
  • postgresql91 >= 9.1.8-0.5.1
  • postgresql91-contrib >= 9.1.8-0.5.1
  • postgresql91-docs >= 9.1.8-0.5.1
  • postgresql91-server >= 9.1.8-0.5.1
Patchnames:
slessp2-libecpg6
slessp2-postgresql
SUSE Linux Enterprise Server 11 SP3
  • libecpg6 >= 9.1.9-0.3.1
  • libpq5 >= 9.1.9-0.3.1
  • libpq5-32bit >= 9.1.9-0.3.1
  • postgresql >= 8.3.23-0.4.1
  • postgresql-contrib >= 8.3.23-0.4.1
  • postgresql-docs >= 8.3.23-0.4.1
  • postgresql-server >= 8.3.23-0.4.1
  • postgresql91 >= 9.1.9-0.3.1
  • postgresql91-contrib >= 9.1.9-0.3.1
  • postgresql91-docs >= 9.1.9-0.3.1
  • postgresql91-server >= 9.1.9-0.3.1
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA libecpg6
SUSE Linux Enterprise Server 11 SP3 GA postgresql
SUSE Linux Enterprise Server 11 SP4
  • libecpg6 >= 9.4.4-0.6.2
  • libpq5 >= 9.4.4-0.6.2
  • libpq5-32bit >= 9.4.4-0.6.2
  • postgresql >= 8.3.23-0.4.1
  • postgresql-contrib >= 8.3.23-0.4.1
  • postgresql-docs >= 8.3.23-0.4.1
  • postgresql-server >= 8.3.23-0.4.1
  • postgresql94 >= 9.4.4-0.6.2
  • postgresql94-contrib >= 9.4.4-0.6.2
  • postgresql94-docs >= 9.4.4-0.6.2
  • postgresql94-server >= 9.4.4-0.6.2
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA libecpg6
SUSE Linux Enterprise Server 11 SP4 GA postgresql
SUSE Linux Enterprise Server 12
  • libecpg6 >= 9.3.5-2.3
  • libpq5 >= 9.3.5-2.3
  • libpq5-32bit >= 9.3.5-2.3
  • postgresql93 >= 9.3.5-2.24
  • postgresql93-contrib >= 9.3.5-2.24
  • postgresql93-docs >= 9.3.5-2.24
  • postgresql93-server >= 9.3.5-2.24
Patchnames:
SUSE Linux Enterprise Server 12 GA libecpg6
SUSE Linux Enterprise Server 12 SP1
  • libecpg6 >= 9.4.5-4.1
  • libpq5 >= 9.4.5-4.1
  • libpq5-32bit >= 9.4.5-4.1
  • postgresql94 >= 9.4.5-4.5
  • postgresql94-contrib >= 9.4.5-4.5
  • postgresql94-docs >= 9.4.5-4.5
  • postgresql94-server >= 9.4.5-4.5
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libecpg6
SUSE Linux Enterprise Server 12 SP2
  • libecpg6 >= 9.4.9-14.1
  • libpq5 >= 9.4.9-14.1
  • libpq5-32bit >= 9.4.9-14.1
  • postgresql94 >= 9.4.9-14.1
  • postgresql94-contrib >= 9.4.9-14.1
  • postgresql94-docs >= 9.4.9-14.1
  • postgresql94-server >= 9.4.9-14.1
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libecpg6
SUSE Linux Enterprise Server for VMWare 11 SP2
  • libecpg6 >= 9.1.8-0.5.1
  • libpq5 >= 9.1.8-0.5.1
  • libpq5-32bit >= 9.1.8-0.5.1
  • libpq5-x86 >= 9.1.9-0.3.1
  • postgresql >= 8.3.23-0.4.1
  • postgresql-contrib >= 8.3.23-0.4.1
  • postgresql-docs >= 8.3.23-0.4.1
  • postgresql-server >= 8.3.23-0.4.1
  • postgresql91 >= 9.1.8-0.5.1
  • postgresql91-contrib >= 9.1.8-0.5.1
  • postgresql91-docs >= 9.1.8-0.5.1
  • postgresql91-server >= 9.1.8-0.5.1
Patchnames:
slessp2-libecpg6
slessp2-postgresql
SUSE Linux Enterprise Software Development Kit 11 SP2
  • postgresql91-devel >= 9.1.8-0.5.1
Patchnames:
sdksp2-libecpg6
SUSE Linux Enterprise Software Development Kit 11 SP4
  • postgresql-devel >= 8.3.23-0.4.1
  • postgresql94-devel >= 9.4.4-0.6.2
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA postgresql-devel
SUSE Linux Enterprise Software Development Kit 11 SP4 GA postgresql94-devel
SUSE Linux Enterprise Software Development Kit 12
  • postgresql93-devel >= 9.3.5-2.3
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA postgresql93-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • postgresql94-devel >= 9.4.5-4.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA postgresql94-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • postgresql94-devel >= 9.4.9-14.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA postgresql94-devel
SUSE Linux Enterprise Software Development Kit 11 SP2
  • postgresql91-devel >= 9.1.8-0.5.1
Builds
SAT Patch Nr: 7342
SUSE Linux Enterprise Desktop 11 SP2
  • libecpg6 >= 9.1.8-0.5.1
  • libpq5 >= 9.1.8-0.5.1
  • postgresql91 >= 9.1.8-0.5.1
Builds
SAT Patch Nr: 7342
SUSE Linux Enterprise Desktop 11 SP2
  • libecpg6 >= 9.1.8-0.5.1
  • libpq5 >= 9.1.8-0.5.1
  • libpq5-32bit >= 9.1.8-0.5.1
  • postgresql91 >= 9.1.8-0.5.1
Builds
SAT Patch Nr: 7342
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • libecpg6 >= 9.1.8-0.5.1
  • libpq5 >= 9.1.8-0.5.1
  • postgresql91 >= 9.1.8-0.5.1
  • postgresql91-contrib >= 9.1.8-0.5.1
  • postgresql91-docs >= 9.1.8-0.5.1
  • postgresql91-server >= 9.1.8-0.5.1
Builds
SAT Patch Nr: 7342
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • libecpg6 >= 9.1.8-0.5.1
  • libpq5 >= 9.1.8-0.5.1
  • libpq5-32bit >= 9.1.8-0.5.1
  • postgresql91 >= 9.1.8-0.5.1
  • postgresql91-contrib >= 9.1.8-0.5.1
  • postgresql91-docs >= 9.1.8-0.5.1
  • postgresql91-server >= 9.1.8-0.5.1
Builds
SAT Patch Nr: 7342
SUSE Linux Enterprise Server 11 SP2
  • libecpg6 >= 9.1.8-0.5.1
  • libpq5 >= 9.1.8-0.5.1
  • libpq5-x86 >= 9.1.8-0.5.1
  • postgresql91 >= 9.1.8-0.5.1
  • postgresql91-contrib >= 9.1.8-0.5.1
  • postgresql91-docs >= 9.1.8-0.5.1
  • postgresql91-server >= 9.1.8-0.5.1
Builds
SAT Patch Nr: 7342
BDK 11 SP2
  • postgresql-devel >= 8.3.23-0.4.1
  • postgresql-libs >= 8.3.23-0.4.1
Builds
SAT Patch Nr: 7340
SUSE Linux Enterprise Desktop 11 SP2
  • postgresql >= 8.3.23-0.4.1
Builds
SAT Patch Nr: 7340
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • postgresql >= 8.3.23-0.4.1
  • postgresql-contrib >= 8.3.23-0.4.1
  • postgresql-docs >= 8.3.23-0.4.1
  • postgresql-server >= 8.3.23-0.4.1
Builds
SAT Patch Nr: 7340
openSUSE 13.2
  • libecpg6 >= 9.3.5-2.1.14
  • libpq5 >= 9.3.5-2.1.14
  • libpq5-32bit >= 9.3.5-2.1.14
  • postgresql93 >= 9.3.5-2.1.14
  • postgresql93-contrib >= 9.3.5-2.1.14
  • postgresql93-devel >= 9.3.5-2.1.14
  • postgresql93-docs >= 9.3.5-2.1.14
  • postgresql93-server >= 9.3.5-2.1.14
Patchnames:
openSUSE 13.2 GA libecpg6
openSUSE Evergreen 11.4
  • libecpg6 >= 9.0.12-27.1
  • libecpg6-debuginfo >= 9.0.12-27.1
  • libpq5 >= 9.0.12-27.1
  • libpq5-32bit >= 9.0.12-27.1
  • libpq5-debuginfo >= 9.0.12-27.1
  • libpq5-debuginfo-32bit >= 9.0.12-27.1
  • libpq5-debuginfo-x86 >= 9.0.12-27.1
  • libpq5-x86 >= 9.0.12-27.1
  • postgresql >= 9.0.12-27.1
  • postgresql-contrib >= 9.0.12-27.1
  • postgresql-contrib-debuginfo >= 9.0.12-27.1
  • postgresql-debuginfo >= 9.0.12-27.1
  • postgresql-debugsource >= 9.0.12-27.1
  • postgresql-devel >= 9.0.12-27.1
  • postgresql-devel-debuginfo >= 9.0.12-27.1
  • postgresql-docs >= 9.0.12-27.1
  • postgresql-libs >= 9.0.12-27.1
  • postgresql-libs-debugsource >= 9.0.12-27.1
  • postgresql-plperl >= 9.0.12-27.1
  • postgresql-plperl-debuginfo >= 9.0.12-27.1
  • postgresql-plpython >= 9.0.12-27.1
  • postgresql-plpython-debuginfo >= 9.0.12-27.1
  • postgresql-pltcl >= 9.0.12-27.1
  • postgresql-pltcl-debuginfo >= 9.0.12-27.1
  • postgresql-server >= 9.0.12-27.1
  • postgresql-server-debuginfo >= 9.0.12-27.1
Patchnames:
2013-28
openSUSE Leap 42.1
  • libecpg6 >= 9.4.5-1.1
  • libpq5 >= 9.4.5-1.1
  • libpq5-32bit >= 9.4.5-1.1
  • postgresql94 >= 9.4.5-1.2
  • postgresql94-contrib >= 9.4.5-1.2
  • postgresql94-devel >= 9.4.5-1.1
  • postgresql94-docs >= 9.4.5-1.2
  • postgresql94-server >= 9.4.5-1.2
Patchnames:
openSUSE Leap 42.1 GA libecpg6
openSUSE Leap 42.2
  • libecpg6 >= 9.4.9-8.1
  • libpq5 >= 9.4.9-8.1
  • postgresql93-docs >= 9.3.11-4.1
  • postgresql94 >= 9.4.9-8.1
  • postgresql94-contrib >= 9.4.9-8.1
  • postgresql94-devel >= 9.4.9-8.1
  • postgresql94-docs >= 9.4.9-8.1
  • postgresql94-server >= 9.4.9-8.1
Patchnames:
openSUSE Leap 42.2 GA libecpg6
openSUSE Leap 42.2 GA postgresql93-docs
openSUSE Tumbleweed
  • libecpg6 >= 9.5.4-1.2
  • libecpg6-32bit >= 9.5.4-1.2
  • libpq5 >= 9.5.4-1.2
  • libpq5-32bit >= 9.5.4-1.2
  • postgresql93 >= 9.3.15-1.1
  • postgresql93-contrib >= 9.3.15-1.1
  • postgresql93-devel >= 9.3.15-1.1
  • postgresql93-docs >= 9.3.15-1.1
  • postgresql93-plperl >= 9.3.15-1.1
  • postgresql93-plpython >= 9.3.15-1.1
  • postgresql93-pltcl >= 9.3.15-1.1
  • postgresql93-server >= 9.3.15-1.1
  • postgresql93-test >= 9.3.15-1.1
  • postgresql94 >= 9.4.10-1.1
  • postgresql94-contrib >= 9.4.10-1.1
  • postgresql94-devel >= 9.4.10-1.1
  • postgresql94-docs >= 9.4.10-1.1
  • postgresql94-plperl >= 9.4.10-1.1
  • postgresql94-plpython >= 9.4.10-1.1
  • postgresql94-pltcl >= 9.4.10-1.1
  • postgresql94-server >= 9.4.10-1.1
  • postgresql94-test >= 9.4.10-1.1
  • postgresql95 >= 9.5.4-1.2
  • postgresql95-contrib >= 9.5.4-1.2
  • postgresql95-devel >= 9.5.4-1.2
  • postgresql95-docs >= 9.5.4-1.2
  • postgresql95-plperl >= 9.5.4-1.2
  • postgresql95-plpython >= 9.5.4-1.2
  • postgresql95-pltcl >= 9.5.4-1.2
  • postgresql95-server >= 9.5.4-1.2
  • postgresql95-test >= 9.5.4-1.2
Patchnames:
openSUSE Tumbleweed GA libecpg6-32bit
openSUSE Tumbleweed GA postgresql93
openSUSE Tumbleweed GA postgresql94