Описание
Security update for postgresql94
This update for postgresql94 fixes the following issues:
Security issues fixed:
- CVE-2018-1058: Fixed uncontrolled search path element in pg_dump and other client applications (bsc#1081925).
Bug fixes:
- See release notes for details:
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
postgresql94-9.4.17-21.19.1
SUSE Linux Enterprise Server 12 SP2
postgresql94-9.4.17-21.19.1
postgresql94-contrib-9.4.17-21.19.1
postgresql94-docs-9.4.17-21.19.1
postgresql94-server-9.4.17-21.19.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
postgresql94-9.4.17-21.19.1
postgresql94-contrib-9.4.17-21.19.1
postgresql94-docs-9.4.17-21.19.1
postgresql94-server-9.4.17-21.19.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
postgresql94-9.4.17-21.19.1
postgresql94-contrib-9.4.17-21.19.1
postgresql94-docs-9.4.17-21.19.1
postgresql94-server-9.4.17-21.19.1
SUSE Linux Enterprise Software Development Kit 12 SP2
postgresql94-devel-9.4.17-21.19.1
Ссылки
- Link for SUSE-SU-2018:0876-1
- E-Mail link for SUSE-SU-2018:0876-1
- SUSE Security Ratings
- SUSE Bug 1081925
- SUSE CVE CVE-2018-1058 page
Описание
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:postgresql94-9.4.17-21.19.1
SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.17-21.19.1
SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.17-21.19.1
SUSE Linux Enterprise Server 12 SP2:postgresql94-docs-9.4.17-21.19.1
Ссылки
- CVE-2018-1058
- SUSE Bug 1081925
- SUSE Bug 1175193
- SUSE Bug 1175194
- SUSE Bug 1185814