Security update for PostgreSQL

SUSE Security Update: Security update for PostgreSQL
Announcement ID: SUSE-SU-2012:0702-1
Rating: low
References: #749299 #749303
Affected Products:
  • SUSE Linux Enterprise Server 10 SP4
  • SUSE Linux Enterprise Desktop 10 SP4
  • SLE SDK 10 SP4

  • An update that fixes two vulnerabilities is now available.

    Description:


    * Security and bugfix release:
    * Require execute permission on the trigger function
    for CREATE TRIGGER (CVE-2012-0866, bnc#749299).
    * Convert newlines to spaces in names written in
    pg_dump comments (CVE-2012-0868, bnc#749303).

    Please see the PostgreSQL release notes document for full
    changelog and details:

    http://www.postgresql.org/docs/8.3/static/release.html


    Security Issue references:

    * CVE-2012-0868
    >
    * CVE-2012-0866
    >

    Package List:

    • SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc ppc64 s390x x86_64):
    • postgresql-8.1.22-0.8.1
    • SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
    • postgresql-contrib-8.1.22-0.8.1
    • postgresql-devel-8.1.22-0.8.1
    • postgresql-docs-8.1.22-0.8.1
    • postgresql-libs-8.1.22-0.8.1
    • postgresql-server-8.1.22-0.8.1
    • SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):
    • postgresql-libs-32bit-8.1.22-0.8.1
    • SUSE Linux Enterprise Server 10 SP4 (ia64):
    • postgresql-libs-x86-8.1.22-0.8.1
    • SUSE Linux Enterprise Server 10 SP4 (ppc):
    • postgresql-libs-64bit-8.1.22-0.8.1
    • SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
    • postgresql-devel-8.1.22-0.8.1
    • postgresql-libs-8.1.22-0.8.1
    • SUSE Linux Enterprise Desktop 10 SP4 (x86_64):
    • postgresql-libs-32bit-8.1.22-0.8.1
    • SLE SDK 10 SP4 (i586 ia64 ppc ppc64 s390x x86_64):
    • postgresql-8.1.22-0.8.1
    • SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
    • postgresql-contrib-8.1.22-0.8.1
    • postgresql-devel-8.1.22-0.8.1
    • postgresql-docs-8.1.22-0.8.1
    • postgresql-server-8.1.22-0.8.1

    References:

  • http://support.novell.com/security/cve/CVE-2012-0866.html
  • http://support.novell.com/security/cve/CVE-2012-0868.html
  • https://bugzilla.novell.com/749299
  • https://bugzilla.novell.com/749303
  • http://download.suse.com/patch/finder/?keywords=bb8dbe40ca6eb550de22331990660c8f