Novell Home

CVE-2014-0062

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2014-0062 at MITRE

Description

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.

NVD CVSS v2 Base Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entry: 864847, 864856

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • postgresql91-debuginfo >= 9.1.12-0.3.1
  • postgresql91-libs-debuginfo >= 9.1.12-0.3.1
Builds
SAT Patch Nr: 8969
SLE 11 SP3 DEBUGINFO
  • postgresql91-debuginfo >= 9.1.12-0.3.1
  • postgresql91-debugsource >= 9.1.12-0.3.1
Builds
SAT Patch Nr: 8970
SUSE Linux Enterprise Software Development Kit 11 SP3
  • postgresql91-devel >= 9.1.12-0.3.1
Builds
SAT Patch Nr: 8970
SUSE Linux Enterprise Desktop 11 SP3
  • libecpg6 >= 9.1.12-0.3.1
  • libpq5 >= 9.1.12-0.3.1
  • postgresql91 >= 9.1.12-0.3.1
  • postgresql91-docs >= 9.1.12-0.3.1
Builds
SAT Patch Nr: 8970
SUSE Linux Enterprise Desktop 11 SP3
  • libecpg6 >= 9.1.12-0.3.1
  • libpq5 >= 9.1.12-0.3.1
  • libpq5-32bit >= 9.1.12-0.3.1
  • postgresql91 >= 9.1.12-0.3.1
  • postgresql91-docs >= 9.1.12-0.3.1
Builds
SAT Patch Nr: 8970
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • libecpg6 >= 9.1.12-0.3.1
  • libpq5 >= 9.1.12-0.3.1
  • postgresql91 >= 9.1.12-0.3.1
  • postgresql91-contrib >= 9.1.12-0.3.1
  • postgresql91-docs >= 9.1.12-0.3.1
  • postgresql91-server >= 9.1.12-0.3.1
Builds
SAT Patch Nr: 8970
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • libecpg6 >= 9.1.12-0.3.1
  • libpq5 >= 9.1.12-0.3.1
  • libpq5-32bit >= 9.1.12-0.3.1
  • postgresql91 >= 9.1.12-0.3.1
  • postgresql91-contrib >= 9.1.12-0.3.1
  • postgresql91-docs >= 9.1.12-0.3.1
  • postgresql91-server >= 9.1.12-0.3.1
Builds
SAT Patch Nr: 8970

© 2014 Novell