Detections
Analytics

openSUSE Security Update : postgresql92 (openSUSE-2015-708)

medium Nessus Plugin ID 86777

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

postgresql92 was updated to version 9.2.14 to fix one security issue.

This security issue was fixed :

 - CVE-2015-5288: The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allowed attackers to cause a denial of service (server crash) or read arbitrary server memory via a 'too-short' salt (bsc#949669).

For the full release notes see:
http://www.postgresql.org/docs/current/static/release-9-2-14.html

Solution

Update the affected postgresql92 packages.

See Also

https://www.postgresql.org/docs/current/release-9-2-14.html

https://bugzilla.opensuse.org/show_bug.cgi?id=949669

Plugin Details

Severity: Medium

ID: 86777

File Name: openSUSE-2015-708.nasl

Version: 2.7

Type: local

Agent: unix

Published: 11/6/2015

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libecpg6, p-cpe:/a:novell:opensuse:postgresql92-server, p-cpe:/a:novell:opensuse:libpq5-debuginfo, p-cpe:/a:novell:opensuse:libpq5, p-cpe:/a:novell:opensuse:postgresql92-plperl, p-cpe:/a:novell:opensuse:libpq5-debuginfo-32bit, p-cpe:/a:novell:opensuse:libecpg6-32bit, p-cpe:/a:novell:opensuse:postgresql92-plpython-debuginfo, p-cpe:/a:novell:opensuse:postgresql92-libs-debugsource, p-cpe:/a:novell:opensuse:postgresql92-contrib, p-cpe:/a:novell:opensuse:postgresql92-pltcl-debuginfo, p-cpe:/a:novell:opensuse:postgresql92-debugsource, p-cpe:/a:novell:opensuse:postgresql92-debuginfo, p-cpe:/a:novell:opensuse:postgresql92-devel-debuginfo, cpe:/o:novell:opensuse:13.1, p-cpe:/a:novell:opensuse:postgresql92-pltcl, p-cpe:/a:novell:opensuse:postgresql92-plperl-debuginfo, p-cpe:/a:novell:opensuse:libecpg6-debuginfo-32bit, p-cpe:/a:novell:opensuse:postgresql92, p-cpe:/a:novell:opensuse:postgresql92-server-debuginfo, p-cpe:/a:novell:opensuse:postgresql92-contrib-debuginfo, p-cpe:/a:novell:opensuse:postgresql92-devel, p-cpe:/a:novell:opensuse:postgresql92-plpython, p-cpe:/a:novell:opensuse:libpq5-32bit, p-cpe:/a:novell:opensuse:libecpg6-debuginfo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 10/28/2015

Reference Information

CVE: CVE-2015-5288