CVE-2012-0868

Common Vulnerabilities and Exposures

Upstream information

CVE-2012-0868 at MITRE

Description

CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.

NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entries: 701489, 749299, 749301, 749303

SUSE Security Advisories:

openSUSE-SU-2012:0480-1, published Wed, 11 Apr 2012 17:08:42 +0200 (CEST)
openSUSE-SU-2012:1173-1, published Fri, 14 Sep 2012 14:11:29 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SLE 11 SP1 DEBUGINFO	`postgresql-debuginfo >= 8.3.18-0.3.1` `postgresql-debugsource >= 8.3.18-0.3.1`	Builds SAT Patch Nr: 6023
SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Software Development Kit 11 SP2	`postgresql-devel >= 8.3.18-0.3.1`	Builds SAT Patch Nr: 6023
SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 11 SP2	`postgresql >= 8.3.18-0.3.1` `postgresql-libs >= 8.3.18-0.3.1`	Builds SAT Patch Nr: 6023
SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 11 SP2	`postgresql >= 8.3.18-0.3.1` `postgresql-libs >= 8.3.18-0.3.1` `postgresql-libs-32bit >= 8.3.18-0.3.1`	Builds SAT Patch Nr: 6023
SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP2	`postgresql >= 8.3.18-0.3.1` `postgresql-contrib >= 8.3.18-0.3.1` `postgresql-docs >= 8.3.18-0.3.1` `postgresql-libs >= 8.3.18-0.3.1` `postgresql-server >= 8.3.18-0.3.1`	Builds SAT Patch Nr: 6023
SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2	`postgresql >= 8.3.18-0.3.1` `postgresql-contrib >= 8.3.18-0.3.1` `postgresql-docs >= 8.3.18-0.3.1` `postgresql-libs >= 8.3.18-0.3.1` `postgresql-libs-x86 >= 8.3.18-0.3.1` `postgresql-server >= 8.3.18-0.3.1`	Builds SAT Patch Nr: 6023
SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP2	`postgresql >= 8.3.18-0.3.1` `postgresql-contrib >= 8.3.18-0.3.1` `postgresql-docs >= 8.3.18-0.3.1` `postgresql-libs >= 8.3.18-0.3.1` `postgresql-libs-32bit >= 8.3.18-0.3.1` `postgresql-server >= 8.3.18-0.3.1`	Builds SAT Patch Nr: 6023
SUSE Linux Enterprise Desktop 10 SP4 for x86	`postgresql-devel >= 8.1.22-0.8.1` `postgresql-libs >= 8.1.22-0.8.1`	Builds ZYPP Patch Nr: 8071
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T	`postgresql-devel >= 8.1.22-0.8.1` `postgresql-libs >= 8.1.22-0.8.1` `postgresql-libs-32bit >= 8.1.22-0.8.1`	Builds ZYPP Patch Nr: 8071
SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86	`postgresql >= 8.1.22-0.8.1` `postgresql-contrib >= 8.1.22-0.8.1` `postgresql-devel >= 8.1.22-0.8.1` `postgresql-docs >= 8.1.22-0.8.1` `postgresql-server >= 8.1.22-0.8.1`	Builds ZYPP Patch Nr: 8071
SUSE Linux Enterprise Server 10 SP4 for x86	`postgresql >= 8.1.22-0.8.1` `postgresql-contrib >= 8.1.22-0.8.1` `postgresql-devel >= 8.1.22-0.8.1` `postgresql-docs >= 8.1.22-0.8.1` `postgresql-libs >= 8.1.22-0.8.1` `postgresql-server >= 8.1.22-0.8.1`	Builds ZYPP Patch Nr: 8071
SUSE Linux Enterprise Server 10 SP4 for IPF	`postgresql >= 8.1.22-0.8.1` `postgresql-contrib >= 8.1.22-0.8.1` `postgresql-devel >= 8.1.22-0.8.1` `postgresql-docs >= 8.1.22-0.8.1` `postgresql-libs >= 8.1.22-0.8.1` `postgresql-libs-x86 >= 8.1.22-0.8.1` `postgresql-server >= 8.1.22-0.8.1`	Builds ZYPP Patch Nr: 8071
SUSE Linux Enterprise Server 10 SP4 for IBM POWER	`postgresql >= 8.1.22-0.8.1` `postgresql-contrib >= 8.1.22-0.8.1` `postgresql-devel >= 8.1.22-0.8.1` `postgresql-docs >= 8.1.22-0.8.1` `postgresql-libs >= 8.1.22-0.8.1` `postgresql-libs-64bit >= 8.1.22-0.8.1` `postgresql-server >= 8.1.22-0.8.1`	Builds ZYPP Patch Nr: 8071
SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit	`postgresql >= 8.1.22-0.8.1` `postgresql-contrib >= 8.1.22-0.8.1` `postgresql-devel >= 8.1.22-0.8.1` `postgresql-docs >= 8.1.22-0.8.1` `postgresql-libs >= 8.1.22-0.8.1` `postgresql-libs-32bit >= 8.1.22-0.8.1` `postgresql-server >= 8.1.22-0.8.1`	Builds ZYPP Patch Nr: 8071

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy