libecpg6-32bit-9.5.4-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10273 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libecpg6-32bit-9.5.4-1.2 on GA media These are all security issues fixed in the libecpg6-32bit-9.5.4-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10273 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10273 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2007-4772/ SUSE CVE CVE-2007-4772 page https://www.suse.com/security/cve/CVE-2007-6600/ SUSE CVE CVE-2007-6600 page https://www.suse.com/security/cve/CVE-2009-4034/ SUSE CVE CVE-2009-4034 page https://www.suse.com/security/cve/CVE-2009-4136/ SUSE CVE CVE-2009-4136 page https://www.suse.com/security/cve/CVE-2010-1169/ SUSE CVE CVE-2010-1169 page https://www.suse.com/security/cve/CVE-2010-1170/ SUSE CVE CVE-2010-1170 page https://www.suse.com/security/cve/CVE-2010-3433/ SUSE CVE CVE-2010-3433 page https://www.suse.com/security/cve/CVE-2012-0866/ SUSE CVE CVE-2012-0866 page https://www.suse.com/security/cve/CVE-2012-0867/ SUSE CVE CVE-2012-0867 page https://www.suse.com/security/cve/CVE-2012-0868/ SUSE CVE CVE-2012-0868 page https://www.suse.com/security/cve/CVE-2012-2143/ SUSE CVE CVE-2012-2143 page https://www.suse.com/security/cve/CVE-2012-2655/ SUSE CVE CVE-2012-2655 page https://www.suse.com/security/cve/CVE-2012-3488/ SUSE CVE CVE-2012-3488 page https://www.suse.com/security/cve/CVE-2012-3489/ SUSE CVE CVE-2012-3489 page https://www.suse.com/security/cve/CVE-2013-0255/ SUSE CVE CVE-2013-0255 page https://www.suse.com/security/cve/CVE-2013-1899/ SUSE CVE CVE-2013-1899 page https://www.suse.com/security/cve/CVE-2013-1900/ SUSE CVE CVE-2013-1900 page https://www.suse.com/security/cve/CVE-2013-1901/ SUSE CVE CVE-2013-1901 page https://www.suse.com/security/cve/CVE-2014-0060/ SUSE CVE CVE-2014-0060 page https://www.suse.com/security/cve/CVE-2014-0061/ SUSE CVE CVE-2014-0061 page https://www.suse.com/security/cve/CVE-2014-0062/ SUSE CVE CVE-2014-0062 page https://www.suse.com/security/cve/CVE-2014-0063/ SUSE CVE CVE-2014-0063 page https://www.suse.com/security/cve/CVE-2014-0064/ SUSE CVE CVE-2014-0064 page https://www.suse.com/security/cve/CVE-2014-0065/ SUSE CVE CVE-2014-0065 page https://www.suse.com/security/cve/CVE-2014-0066/ SUSE CVE CVE-2014-0066 page https://www.suse.com/security/cve/CVE-2014-0067/ SUSE CVE CVE-2014-0067 page https://www.suse.com/security/cve/CVE-2015-3165/ SUSE CVE CVE-2015-3165 page https://www.suse.com/security/cve/CVE-2015-3166/ SUSE CVE CVE-2015-3166 page https://www.suse.com/security/cve/CVE-2015-3167/ SUSE CVE CVE-2015-3167 page https://www.suse.com/security/cve/CVE-2015-5288/ SUSE CVE CVE-2015-5288 page https://www.suse.com/security/cve/CVE-2015-5289/ SUSE CVE CVE-2015-5289 page https://www.suse.com/security/cve/CVE-2016-0766/ SUSE CVE CVE-2016-0766 page https://www.suse.com/security/cve/CVE-2016-0773/ SUSE CVE CVE-2016-0773 page https://www.suse.com/security/cve/CVE-2016-2193/ SUSE CVE CVE-2016-2193 page https://www.suse.com/security/cve/CVE-2016-3065/ SUSE CVE CVE-2016-3065 page https://www.suse.com/security/cve/CVE-2016-5423/ SUSE CVE CVE-2016-5423 page https://www.suse.com/security/cve/CVE-2016-5424/ SUSE CVE CVE-2016-5424 page openSUSE Tumbleweed libecpg6-9.5.4-1.2 libecpg6-32bit-9.5.4-1.2 libpq5-9.5.4-1.2 libpq5-32bit-9.5.4-1.2 postgresql95-9.5.4-1.2 postgresql95-contrib-9.5.4-1.2 postgresql95-devel-9.5.4-1.2 postgresql95-docs-9.5.4-1.2 postgresql95-plperl-9.5.4-1.2 postgresql95-plpython-9.5.4-1.2 postgresql95-pltcl-9.5.4-1.2 postgresql95-server-9.5.4-1.2 postgresql95-test-9.5.4-1.2 libecpg6-9.5.4-1.2 as a component of openSUSE Tumbleweed libecpg6-32bit-9.5.4-1.2 as a component of openSUSE Tumbleweed libpq5-9.5.4-1.2 as a component of openSUSE Tumbleweed libpq5-32bit-9.5.4-1.2 as a component of openSUSE Tumbleweed postgresql95-9.5.4-1.2 as a component of openSUSE Tumbleweed postgresql95-contrib-9.5.4-1.2 as a component of openSUSE Tumbleweed postgresql95-devel-9.5.4-1.2 as a component of openSUSE Tumbleweed postgresql95-docs-9.5.4-1.2 as a component of openSUSE Tumbleweed postgresql95-plperl-9.5.4-1.2 as a component of openSUSE Tumbleweed postgresql95-plpython-9.5.4-1.2 as a component of openSUSE Tumbleweed postgresql95-pltcl-9.5.4-1.2 as a component of openSUSE Tumbleweed postgresql95-server-9.5.4-1.2 as a component of openSUSE Tumbleweed postgresql95-test-9.5.4-1.2 as a component of openSUSE Tumbleweed The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression. CVE-2007-4772 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-4772.html CVE-2007-4772 https://bugzilla.suse.com/329282 SUSE Bug 329282 PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges. CVE-2007-6600 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-6600.html CVE-2007-6600 https://bugzilla.suse.com/329282 SUSE Bug 329282 https://bugzilla.suse.com/537706 SUSE Bug 537706 PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVE-2009-4034 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-4034.html CVE-2009-4034 https://bugzilla.suse.com/564710 SUSE Bug 564710 https://bugzilla.suse.com/603968 SUSE Bug 603968 PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230. CVE-2009-4136 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-4136.html CVE-2009-4136 https://bugzilla.suse.com/564360 SUSE Bug 564360 https://bugzilla.suse.com/603969 SUSE Bug 603969 PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447. CVE-2010-1169 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1169.html CVE-2010-1169 https://bugzilla.suse.com/605926 SUSE Bug 605926 https://bugzilla.suse.com/648140 SUSE Bug 648140 The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script. CVE-2010-1170 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1170.html CVE-2010-1170 https://bugzilla.suse.com/605845 SUSE Bug 605845 https://bugzilla.suse.com/605926 SUSE Bug 605926 https://bugzilla.suse.com/634562 SUSE Bug 634562 https://bugzilla.suse.com/648140 SUSE Bug 648140 The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447. CVE-2010-3433 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3433.html CVE-2010-3433 https://bugzilla.suse.com/643771 SUSE Bug 643771 https://bugzilla.suse.com/648140 SUSE Bug 648140 CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table. CVE-2012-0866 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0866.html CVE-2012-0866 https://bugzilla.suse.com/701489 SUSE Bug 701489 https://bugzilla.suse.com/749299 SUSE Bug 749299 https://bugzilla.suse.com/749301 SUSE Bug 749301 https://bugzilla.suse.com/749303 SUSE Bug 749303 PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. CVE-2012-0867 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0867.html CVE-2012-0867 https://bugzilla.suse.com/701489 SUSE Bug 701489 https://bugzilla.suse.com/749299 SUSE Bug 749299 https://bugzilla.suse.com/749301 SUSE Bug 749301 https://bugzilla.suse.com/749303 SUSE Bug 749303 CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored. CVE-2012-0868 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0868.html CVE-2012-0868 https://bugzilla.suse.com/701489 SUSE Bug 701489 https://bugzilla.suse.com/749299 SUSE Bug 749299 https://bugzilla.suse.com/749301 SUSE Bug 749301 https://bugzilla.suse.com/749303 SUSE Bug 749303 The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. CVE-2012-2143 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-2143.html CVE-2012-2143 https://bugzilla.suse.com/766797 SUSE Bug 766797 https://bugzilla.suse.com/766798 SUSE Bug 766798 https://bugzilla.suse.com/766799 SUSE Bug 766799 PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler. CVE-2012-2655 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-2655.html CVE-2012-2655 https://bugzilla.suse.com/765069 SUSE Bug 765069 The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue. CVE-2012-3488 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3488.html CVE-2012-3488 https://bugzilla.suse.com/776523 SUSE Bug 776523 The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue. CVE-2012-3489 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3489.html CVE-2012-3489 https://bugzilla.suse.com/776524 SUSE Bug 776524 PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read. CVE-2013-0255 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0255.html CVE-2013-0255 https://bugzilla.suse.com/802679 SUSE Bug 802679 https://bugzilla.suse.com/803057 SUSE Bug 803057 Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen). CVE-2013-1899 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1899.html CVE-2013-1899 https://bugzilla.suse.com/812525 SUSE Bug 812525 PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions." CVE-2013-1900 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1900.html CVE-2013-1900 https://bugzilla.suse.com/812525 SUSE Bug 812525 PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions. CVE-2013-1901 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1901.html CVE-2013-1901 https://bugzilla.suse.com/812525 SUSE Bug 812525 PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command. CVE-2014-0060 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0060.html CVE-2014-0060 https://bugzilla.suse.com/864845 SUSE Bug 864845 https://bugzilla.suse.com/864856 SUSE Bug 864856 The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions. CVE-2014-0061 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0061.html CVE-2014-0061 https://bugzilla.suse.com/864846 SUSE Bug 864846 https://bugzilla.suse.com/864856 SUSE Bug 864856 Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window. CVE-2014-0062 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0062.html CVE-2014-0062 https://bugzilla.suse.com/864847 SUSE Bug 864847 https://bugzilla.suse.com/864856 SUSE Bug 864856 Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065. CVE-2014-0063 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0063.html CVE-2014-0063 https://bugzilla.suse.com/864850 SUSE Bug 864850 https://bugzilla.suse.com/864856 SUSE Bug 864856 Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector. CVE-2014-0064 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0064.html CVE-2014-0064 https://bugzilla.suse.com/864851 SUSE Bug 864851 https://bugzilla.suse.com/864856 SUSE Bug 864856 https://bugzilla.suse.com/871307 SUSE Bug 871307 Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063. CVE-2014-0065 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0065.html CVE-2014-0065 https://bugzilla.suse.com/864852 SUSE Bug 864852 https://bugzilla.suse.com/864856 SUSE Bug 864856 The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors. CVE-2014-0066 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0066.html CVE-2014-0066 https://bugzilla.suse.com/864853 SUSE Bug 864853 https://bugzilla.suse.com/864856 SUSE Bug 864856 The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster. CVE-2014-0067 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0067.html CVE-2014-0067 https://bugzilla.suse.com/864856 SUSE Bug 864856 https://bugzilla.suse.com/872783 SUSE Bug 872783 Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. CVE-2015-3165 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3165.html CVE-2015-3165 https://bugzilla.suse.com/931972 SUSE Bug 931972 https://bugzilla.suse.com/931973 SUSE Bug 931973 https://bugzilla.suse.com/931974 SUSE Bug 931974 https://bugzilla.suse.com/932040 SUSE Bug 932040 The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. CVE-2015-3166 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3166.html CVE-2015-3166 https://bugzilla.suse.com/931972 SUSE Bug 931972 https://bugzilla.suse.com/931973 SUSE Bug 931973 https://bugzilla.suse.com/931974 SUSE Bug 931974 https://bugzilla.suse.com/932040 SUSE Bug 932040 contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. CVE-2015-3167 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3167.html CVE-2015-3167 https://bugzilla.suse.com/931972 SUSE Bug 931972 https://bugzilla.suse.com/931973 SUSE Bug 931973 https://bugzilla.suse.com/931974 SUSE Bug 931974 https://bugzilla.suse.com/932040 SUSE Bug 932040 The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt. CVE-2015-5288 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 low 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-5288.html CVE-2015-5288 https://bugzilla.suse.com/949669 SUSE Bug 949669 https://bugzilla.suse.com/949670 SUSE Bug 949670 Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. CVE-2015-5289 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-5289.html CVE-2015-5289 https://bugzilla.suse.com/949669 SUSE Bug 949669 https://bugzilla.suse.com/949670 SUSE Bug 949670 PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors. CVE-2016-0766 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-0766.html CVE-2016-0766 https://bugzilla.suse.com/966435 SUSE Bug 966435 https://bugzilla.suse.com/966436 SUSE Bug 966436 https://bugzilla.suse.com/978323 SUSE Bug 978323 PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression. CVE-2016-0773 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-0773.html CVE-2016-0773 https://bugzilla.suse.com/966435 SUSE Bug 966435 https://bugzilla.suse.com/966436 SUSE Bug 966436 https://bugzilla.suse.com/978323 SUSE Bug 978323 https://bugzilla.suse.com/983246 SUSE Bug 983246 https://bugzilla.suse.com/986409 SUSE Bug 986409 PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role. CVE-2016-2193 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate 3.6 AV:N/AC:H/Au:S/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2193.html CVE-2016-2193 https://bugzilla.suse.com/978456 SUSE Bug 978456 The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page. CVE-2016-3065 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3065.html CVE-2016-3065 https://bugzilla.suse.com/978456 SUSE Bug 978456 PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types. CVE-2016-5423 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5423.html CVE-2016-5423 https://bugzilla.suse.com/1041981 SUSE Bug 1041981 https://bugzilla.suse.com/1042497 SUSE Bug 1042497 https://bugzilla.suse.com/1052683 SUSE Bug 1052683 https://bugzilla.suse.com/993454 SUSE Bug 993454 PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation. CVE-2016-5424 openSUSE Tumbleweed:libecpg6-32bit-9.5.4-1.2 openSUSE Tumbleweed:libecpg6-9.5.4-1.2 openSUSE Tumbleweed:libpq5-32bit-9.5.4-1.2 openSUSE Tumbleweed:libpq5-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-contrib-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-devel-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-docs-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plperl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-plpython-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-pltcl-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-server-9.5.4-1.2 openSUSE Tumbleweed:postgresql95-test-9.5.4-1.2 moderate 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5424.html CVE-2016-5424 https://bugzilla.suse.com/1041981 SUSE Bug 1041981 https://bugzilla.suse.com/1042497 SUSE Bug 1042497 https://bugzilla.suse.com/1052683 SUSE Bug 1052683 https://bugzilla.suse.com/993453 SUSE Bug 993453