Impact
remote code execution
Solution
Please Install the Updated Packages.
Insight
The database server PostgreSQL had various security problems which have been fixed by upgrading to the respective minor versions fixing those problems.
This could have been used by remote attackers having access to the SQL server being able to get user rights or corrupt the database.
Following security issues have been fixed:
- Index Functions Privilege Escalation: CVE-2007-6600 - Regular Expression Denial-of-Service: CVE-2007-4772, CVE-2007-4769
- DBLink Privilege Escalation: CVE-2007-6601
The new PostgreSQL versions are:
- SUSE Linux Enterprise 10: 8.1.1
- SUSE Linux Enterprise Server 9: 7.4.19
- SUSE Linux 10.1 and openSUSE 10.2: 8.1.1
- openSUSE 10.3: 8.2.6
Affected
postgresql on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities