803057 – (`) PostgreSQL 9.2.3, 9.1.8, 9.0.12, 8.4.16 and 8.3.23 released

Bug 803057 (`) - PostgreSQL 9.2.3, 9.1.8, 9.0.12, 8.4.16 and 8.3.23 released

Summary: PostgreSQL 9.2.3, 9.1.8, 9.0.12, 8.4.16 and 8.3.23 released

Status:	RESOLVED DUPLICATE of bug 802679

Alias:	`

Product:	openSUSE 12.2
Classification:	openSUSE
Component:	Security (show other bugs)
Version:	Final
Hardware:	Other Other

Priority:	P5 - None Severity: Normal (vote)
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2013-02-11 11:59 UTC by Forgotten User 5wsNBe_fTf
Modified:	2018-10-23 14:52 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Forgotten User 5wsNBe_fTf 2013-02-11 11:59:41 UTC

User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0

From postgresql.org:

The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.3, 9.1.8, 9.0.12, 8.4.16, and 8.3.23. This update fixes a denial-of-service (DOS) vulnerability. All users should update their PostgreSQL installations as soon as possible.

The security issue fixed in this release, CVE-2013-0255, allows a previously authenticated user to crash the server by calling an internal function with invalid arguments. This issue was discovered by independent security researcher Sumit Soni this week and reported via Secunia SVCRP, and we are grateful for their efforts in making PostgreSQL more secure.

Today's update also fixes a performance regression which caused a decrease in throughput when using dynamic queries in stored procedures in version 9.2. Applications which use PL/pgSQL's EXECUTE are strongly affected by this regression and should be updated. Additionally, we have fixed intermittent crashes caused by CREATE/DROP INDEX CONCURRENTLY, and multiple minor issues with replication.

Reproducible: Always

Comment 1 Bernhard Wiedemann 2013-02-12 07:00:08 UTC

This is an autogenerated message for OBS integration:
This bug (803057) was mentioned in
https://build.opensuse.org/request/show/155175 Evergreen:11.2 / postgresql

Comment 2 Marcus Meissner 2013-02-12 08:18:50 UTC

dup of 802679 basically, but i leave it open for you :)

Comment 3 Marcus Meissner 2013-02-12 08:57:32 UTC

actually leaving open not necessary i think

*** This bug has been marked as a duplicate of bug 802679 ***

Comment 4 Forgotten User 5wsNBe_fTf 2013-02-12 09:03:08 UTC

I was just attempting to do so :-)
The only bug I see here is why bugzilla didn't find the bug using postgres keyword. But I assume it's my fault not using advanced search options.
Already correcting bnc in Evergreens submissions.

Comment 5 Swamp Workflow Management 2013-02-21 14:04:26 UTC

openSUSE-SU-2013:0319-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 803057
CVE References: CVE-2013-0255
Sources used:
openSUSE 11.4 (src):    postgresql-9.0.12-27.1, postgresql-libs-9.0.12-27.1