Описание
Security update for postgresql10
This update for postgresql10 to version 10.9 fixes the following issue:
Security issue fixed:
- CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034).
More information at https://www.postgresql.org/docs/10/release-10-9.html
Список пакетов
SUSE Enterprise Storage 4
libecpg6-10.9-1.12.1
libpq5-10.9-1.12.1
libpq5-32bit-10.9-1.12.1
postgresql10-10.9-1.12.2
postgresql10-contrib-10.9-1.12.2
postgresql10-docs-10.9-1.12.2
postgresql10-plperl-10.9-1.12.2
postgresql10-plpython-10.9-1.12.2
postgresql10-pltcl-10.9-1.12.2
postgresql10-server-10.9-1.12.2
SUSE Enterprise Storage 5
libecpg6-10.9-1.12.1
libpq5-10.9-1.12.1
libpq5-32bit-10.9-1.12.1
postgresql10-10.9-1.12.2
postgresql10-contrib-10.9-1.12.2
postgresql10-docs-10.9-1.12.2
postgresql10-plperl-10.9-1.12.2
postgresql10-plpython-10.9-1.12.2
postgresql10-pltcl-10.9-1.12.2
postgresql10-server-10.9-1.12.2
SUSE Linux Enterprise Desktop 12 SP4
libecpg6-10.9-1.12.1
libpq5-10.9-1.12.1
libpq5-32bit-10.9-1.12.1
postgresql10-10.9-1.12.2
SUSE Linux Enterprise Server 12 SP1-LTSS
libecpg6-10.9-1.12.1
libpq5-10.9-1.12.1
libpq5-32bit-10.9-1.12.1
postgresql10-10.9-1.12.2
postgresql10-contrib-10.9-1.12.2
postgresql10-docs-10.9-1.12.2
postgresql10-plperl-10.9-1.12.2
postgresql10-plpython-10.9-1.12.2
postgresql10-pltcl-10.9-1.12.2
postgresql10-server-10.9-1.12.2
SUSE Linux Enterprise Server 12 SP2-BCL
libecpg6-10.9-1.12.1
libpq5-10.9-1.12.1
libpq5-32bit-10.9-1.12.1
postgresql10-10.9-1.12.2
postgresql10-contrib-10.9-1.12.2
postgresql10-docs-10.9-1.12.2
postgresql10-plperl-10.9-1.12.2
postgresql10-plpython-10.9-1.12.2
postgresql10-pltcl-10.9-1.12.2
postgresql10-server-10.9-1.12.2
SUSE Linux Enterprise Server 12 SP2-LTSS
libecpg6-10.9-1.12.1
libpq5-10.9-1.12.1
libpq5-32bit-10.9-1.12.1
postgresql10-10.9-1.12.2
postgresql10-contrib-10.9-1.12.2
postgresql10-docs-10.9-1.12.2
postgresql10-plperl-10.9-1.12.2
postgresql10-plpython-10.9-1.12.2
postgresql10-pltcl-10.9-1.12.2
postgresql10-server-10.9-1.12.2
SUSE Linux Enterprise Server 12 SP3-LTSS
libecpg6-10.9-1.12.1
libpq5-10.9-1.12.1
libpq5-32bit-10.9-1.12.1
postgresql10-10.9-1.12.2
postgresql10-contrib-10.9-1.12.2
postgresql10-docs-10.9-1.12.2
postgresql10-plperl-10.9-1.12.2
postgresql10-plpython-10.9-1.12.2
postgresql10-pltcl-10.9-1.12.2
postgresql10-server-10.9-1.12.2
SUSE Linux Enterprise Server 12 SP4
libecpg6-10.9-1.12.1
libpq5-10.9-1.12.1
libpq5-32bit-10.9-1.12.1
postgresql10-10.9-1.12.2
postgresql10-contrib-10.9-1.12.2
postgresql10-docs-10.9-1.12.2
postgresql10-plperl-10.9-1.12.2
postgresql10-plpython-10.9-1.12.2
postgresql10-pltcl-10.9-1.12.2
postgresql10-server-10.9-1.12.2
SUSE Linux Enterprise Server 12-LTSS
libecpg6-10.9-1.12.1
libpq5-10.9-1.12.1
libpq5-32bit-10.9-1.12.1
postgresql10-10.9-1.12.2
postgresql10-contrib-10.9-1.12.2
postgresql10-docs-10.9-1.12.2
postgresql10-plperl-10.9-1.12.2
postgresql10-plpython-10.9-1.12.2
postgresql10-pltcl-10.9-1.12.2
postgresql10-server-10.9-1.12.2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libecpg6-10.9-1.12.1
libpq5-10.9-1.12.1
libpq5-32bit-10.9-1.12.1
postgresql10-10.9-1.12.2
postgresql10-contrib-10.9-1.12.2
postgresql10-docs-10.9-1.12.2
postgresql10-plperl-10.9-1.12.2
postgresql10-plpython-10.9-1.12.2
postgresql10-pltcl-10.9-1.12.2
postgresql10-server-10.9-1.12.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libecpg6-10.9-1.12.1
libpq5-10.9-1.12.1
libpq5-32bit-10.9-1.12.1
postgresql10-10.9-1.12.2
postgresql10-contrib-10.9-1.12.2
postgresql10-docs-10.9-1.12.2
postgresql10-plperl-10.9-1.12.2
postgresql10-plpython-10.9-1.12.2
postgresql10-pltcl-10.9-1.12.2
postgresql10-server-10.9-1.12.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libecpg6-10.9-1.12.1
libpq5-10.9-1.12.1
libpq5-32bit-10.9-1.12.1
postgresql10-10.9-1.12.2
postgresql10-contrib-10.9-1.12.2
postgresql10-docs-10.9-1.12.2
postgresql10-plperl-10.9-1.12.2
postgresql10-plpython-10.9-1.12.2
postgresql10-pltcl-10.9-1.12.2
postgresql10-server-10.9-1.12.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libecpg6-10.9-1.12.1
libpq5-10.9-1.12.1
libpq5-32bit-10.9-1.12.1
postgresql10-10.9-1.12.2
postgresql10-contrib-10.9-1.12.2
postgresql10-docs-10.9-1.12.2
postgresql10-plperl-10.9-1.12.2
postgresql10-plpython-10.9-1.12.2
postgresql10-pltcl-10.9-1.12.2
postgresql10-server-10.9-1.12.2
SUSE Linux Enterprise Software Development Kit 12 SP4
postgresql10-devel-10.9-1.12.1
SUSE OpenStack Cloud 7
libecpg6-10.9-1.12.1
libpq5-10.9-1.12.1
libpq5-32bit-10.9-1.12.1
postgresql10-10.9-1.12.2
postgresql10-contrib-10.9-1.12.2
postgresql10-docs-10.9-1.12.2
postgresql10-plperl-10.9-1.12.2
postgresql10-plpython-10.9-1.12.2
postgresql10-pltcl-10.9-1.12.2
postgresql10-server-10.9-1.12.2
SUSE OpenStack Cloud 8
libecpg6-10.9-1.12.1
libpq5-10.9-1.12.1
libpq5-32bit-10.9-1.12.1
postgresql10-10.9-1.12.2
postgresql10-contrib-10.9-1.12.2
postgresql10-docs-10.9-1.12.2
postgresql10-plperl-10.9-1.12.2
postgresql10-plpython-10.9-1.12.2
postgresql10-pltcl-10.9-1.12.2
postgresql10-server-10.9-1.12.2
Ссылки
- Link for SUSE-SU-2019:1783-1
- E-Mail link for SUSE-SU-2019:1783-1
- SUSE Security Ratings
- SUSE Bug 1138034
- SUSE CVE CVE-2019-10164 page
Описание
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
Затронутые продукты
SUSE Enterprise Storage 4:libecpg6-10.9-1.12.1
SUSE Enterprise Storage 4:libpq5-10.9-1.12.1
SUSE Enterprise Storage 4:libpq5-32bit-10.9-1.12.1
SUSE Enterprise Storage 4:postgresql10-10.9-1.12.2
Ссылки
- CVE-2019-10164
- SUSE Bug 1138034