Detections
Analytics

openSUSE Security Update : postgresql92 (openSUSE-SU-2014:0345-1)

medium Nessus Plugin ID 75281

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

The PostgreSQL database was updated to the security and bugfix release 9.2.7, which following fixes :

 - Shore up GRANT ... WITH ADMIN OPTION restrictions (CVE-2014-0060, bnc#864845)

 - Prevent privilege escalation via manual calls to PL validator functions (CVE-2014-0061, bnc#864846)

 - Avoid multiple name lookups during table and index DDL (CVE-2014-0062, bnc#864847)

 - Prevent buffer overrun with long datetime strings (CVE-2014-0063, bnc#864850)

 - Prevent buffer overrun due to integer overflow in size calculations (CVE-2014-0064, bnc#864851)

 - Prevent overruns of fixed-size buffers (CVE-2014-0065, bnc#864852)

 - Avoid crashing if crypt() returns NULL (CVE-2014-0066, bnc#864853)

 - Document risks of make check in the regression testing instructions (CVE-2014-0067)

 - For the other (many!) bug fixes, see the release notes:
 http://www.postgresql.org/docs/9.3/static/release-9-2-7.
 html

Solution

Update the affected postgresql92 packages.

See Also

https://www.postgresql.org/docs/9.3/release-9-2-7.html

https://bugzilla.novell.com/show_bug.cgi?id=864845

https://bugzilla.novell.com/show_bug.cgi?id=864846

https://bugzilla.novell.com/show_bug.cgi?id=864847

https://bugzilla.novell.com/show_bug.cgi?id=864850

https://bugzilla.novell.com/show_bug.cgi?id=864851

https://bugzilla.novell.com/show_bug.cgi?id=864852

https://bugzilla.novell.com/show_bug.cgi?id=864853

https://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html

Plugin Details

Severity: Medium

ID: 75281

File Name: openSUSE-2014-192.nasl

Version: 1.8

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libecpg6, p-cpe:/a:novell:opensuse:postgresql92-server, p-cpe:/a:novell:opensuse:libpq5-debuginfo, p-cpe:/a:novell:opensuse:libpq5, p-cpe:/a:novell:opensuse:postgresql92-plperl, p-cpe:/a:novell:opensuse:libpq5-debuginfo-32bit, p-cpe:/a:novell:opensuse:libecpg6-32bit, p-cpe:/a:novell:opensuse:postgresql92-plpython-debuginfo, p-cpe:/a:novell:opensuse:postgresql92-libs-debugsource, p-cpe:/a:novell:opensuse:postgresql92-contrib, p-cpe:/a:novell:opensuse:postgresql92-pltcl-debuginfo, p-cpe:/a:novell:opensuse:postgresql92-debugsource, p-cpe:/a:novell:opensuse:postgresql92-debuginfo, p-cpe:/a:novell:opensuse:postgresql92-devel-debuginfo, cpe:/o:novell:opensuse:13.1, p-cpe:/a:novell:opensuse:postgresql92-pltcl, p-cpe:/a:novell:opensuse:postgresql92-plperl-debuginfo, p-cpe:/a:novell:opensuse:libecpg6-debuginfo-32bit, p-cpe:/a:novell:opensuse:postgresql92, cpe:/o:novell:opensuse:12.3, p-cpe:/a:novell:opensuse:postgresql92-server-debuginfo, p-cpe:/a:novell:opensuse:postgresql92-contrib-debuginfo, p-cpe:/a:novell:opensuse:postgresql92-devel, p-cpe:/a:novell:opensuse:postgresql92-plpython, p-cpe:/a:novell:opensuse:libpq5-32bit, p-cpe:/a:novell:opensuse:libecpg6-debuginfo

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2/28/2014

Reference Information

CVE: CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, CVE-2014-0067