Bug 803057 (`)

Summary: PostgreSQL 9.2.3, 9.1.8, 9.0.12, 8.4.16 and 8.3.23 released
Product: [openSUSE] openSUSE 12.2 Reporter: Forgotten User 5wsNBe_fTf <forgotten_5wsNBe_fTf>
Component: SecurityAssignee: Security Team bot <security-team>
Status: RESOLVED DUPLICATE QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: meissner
Version: Final   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Forgotten User 5wsNBe_fTf 2013-02-11 11:59:41 UTC 
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0

From postgresql.org:

The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.3, 9.1.8, 9.0.12, 8.4.16, and 8.3.23. This update fixes a denial-of-service (DOS) vulnerability. All users should update their PostgreSQL installations as soon as possible.

The security issue fixed in this release, CVE-2013-0255, allows a previously authenticated user to crash the server by calling an internal function with invalid arguments. This issue was discovered by independent security researcher Sumit Soni this week and reported via Secunia SVCRP, and we are grateful for their efforts in making PostgreSQL more secure.

Today's update also fixes a performance regression which caused a decrease in throughput when using dynamic queries in stored procedures in version 9.2. Applications which use PL/pgSQL's EXECUTE are strongly affected by this regression and should be updated. Additionally, we have fixed intermittent crashes caused by CREATE/DROP INDEX CONCURRENTLY, and multiple minor issues with replication.

Reproducible: Always
Comment 1 Bernhard Wiedemann 2013-02-12 07:00:08 UTC 
This is an autogenerated message for OBS integration:
This bug (803057) was mentioned in
https://build.opensuse.org/request/show/155175 Evergreen:11.2 / postgresql
Comment 2 Marcus Meissner 2013-02-12 08:18:50 UTC 
dup of 802679 basically, but i leave it open for you :)
Comment 3 Marcus Meissner 2013-02-12 08:57:32 UTC 
actually leaving open not necessary i think

*** This bug has been marked as a duplicate of bug 802679 ***
Comment 4 Forgotten User 5wsNBe_fTf 2013-02-12 09:03:08 UTC 
I was just attempting to do so :-)
The only bug I see here is why bugzilla didn't find the bug using postgres keyword. But I assume it's my fault not using advanced search options.
Already correcting bnc in Evergreens submissions.
Comment 5 Swamp Workflow Management 2013-02-21 14:04:26 UTC 
openSUSE-SU-2013:0319-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 803057
CVE References: CVE-2013-0255
Sources used:
openSUSE 11.4 (src):    postgresql-9.0.12-27.1, postgresql-libs-9.0.12-27.1