SUSE Security Update: Security update for PostgreSQL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0633-2
Rating:             important
References:         #812525 
Cross-References:   CVE-2013-1899 CVE-2013-1900 CVE-2013-1901
                   
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 for VMware LTSS
                    SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

   An update that fixes three vulnerabilities is now
   available. It includes one version update.

Description:


   This update of PostgreSQL to version 9.1.9 fixes:

   * CVE-2013-1899: Fix insecure parsing of server
   command-line switches.
   * CVE-2013-1900: Reset OpenSSL randomness state in each
   postmaster child process.
   * CVE-2013-1901: Make REPLICATION privilege checks test
   current user not authenticated user.

   Security Issue references:

   * CVE-2013-1899
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899
   >
   * CVE-2013-1900
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900
   >
   * CVE-2013-1901
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS:

      zypper in -t patch slessp1-libecpg6-7601

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-libecpg6-7601

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64) [New
 Version: 9.1.9]:

      libecpg6-9.1.9-0.3.1
      libpq5-9.1.9-0.3.1
      postgresql91-9.1.9-0.3.1
      postgresql91-contrib-9.1.9-0.3.1
      postgresql91-docs-9.1.9-0.3.1
      postgresql91-server-9.1.9-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (x86_64) [New Version:
 9.1.9]:

      libpq5-32bit-9.1.9-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version:
 9.1.9]:

      libecpg6-9.1.9-0.3.1
      libpq5-9.1.9-0.3.1
      postgresql91-9.1.9-0.3.1
      postgresql91-contrib-9.1.9-0.3.1
      postgresql91-docs-9.1.9-0.3.1
      postgresql91-server-9.1.9-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version:
 9.1.9]:

      libpq5-32bit-9.1.9-0.3.1


References:

   http://support.novell.com/security/cve/CVE-2013-1899.html
   http://support.novell.com/security/cve/CVE-2013-1900.html
   http://support.novell.com/security/cve/CVE-2013-1901.html
   https://bugzilla.novell.com/812525
   ?keywords=6a0c9dcd9511dbcaec90c28d67b514e8

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org