SUSE-SU-2019:2158-1

Published: 15 Oct 2019
Source: suse-cvrf

Description

Security update for postgresql94

This update for postgresql94 fixes the following issues:

Security issue fixed:

  • CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092).

Package list

SUSE Enterprise Storage 4
  • postgresql94-9.4.24-21.25.1
  • postgresql94-contrib-9.4.24-21.25.1
  • postgresql94-docs-9.4.24-21.25.1
  • postgresql94-plperl-9.4.24-21.25.1
  • postgresql94-plpython-9.4.24-21.25.1
  • postgresql94-pltcl-9.4.24-21.25.1
  • postgresql94-server-9.4.24-21.25.1

SUSE Linux Enterprise Server 12 SP1-LTSS
  • postgresql94-9.4.24-21.25.1
  • postgresql94-contrib-9.4.24-21.25.1
  • postgresql94-docs-9.4.24-21.25.1
  • postgresql94-plperl-9.4.24-21.25.1
  • postgresql94-plpython-9.4.24-21.25.1
  • postgresql94-pltcl-9.4.24-21.25.1
  • postgresql94-server-9.4.24-21.25.1

SUSE Linux Enterprise Server 12 SP2-BCL
  • postgresql94-9.4.24-21.25.1
  • postgresql94-contrib-9.4.24-21.25.1
  • postgresql94-docs-9.4.24-21.25.1
  • postgresql94-plperl-9.4.24-21.25.1
  • postgresql94-plpython-9.4.24-21.25.1
  • postgresql94-pltcl-9.4.24-21.25.1
  • postgresql94-server-9.4.24-21.25.1

SUSE Linux Enterprise Server 12 SP2-LTSS
  • postgresql94-9.4.24-21.25.1
  • postgresql94-contrib-9.4.24-21.25.1
  • postgresql94-docs-9.4.24-21.25.1
  • postgresql94-plperl-9.4.24-21.25.1
  • postgresql94-plpython-9.4.24-21.25.1
  • postgresql94-pltcl-9.4.24-21.25.1
  • postgresql94-server-9.4.24-21.25.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1
  • postgresql94-9.4.24-21.25.1
  • postgresql94-contrib-9.4.24-21.25.1
  • postgresql94-docs-9.4.24-21.25.1
  • postgresql94-plperl-9.4.24-21.25.1
  • postgresql94-plpython-9.4.24-21.25.1
  • postgresql94-pltcl-9.4.24-21.25.1
  • postgresql94-server-9.4.24-21.25.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • postgresql94-9.4.24-21.25.1
  • postgresql94-contrib-9.4.24-21.25.1
  • postgresql94-docs-9.4.24-21.25.1
  • postgresql94-plperl-9.4.24-21.25.1
  • postgresql94-plpython-9.4.24-21.25.1
  • postgresql94-pltcl-9.4.24-21.25.1
  • postgresql94-server-9.4.24-21.25.1

SUSE OpenStack Cloud 7
  • postgresql94-9.4.24-21.25.1
  • postgresql94-contrib-9.4.24-21.25.1
  • postgresql94-docs-9.4.24-21.25.1
  • postgresql94-plperl-9.4.24-21.25.1
  • postgresql94-plpython-9.4.24-21.25.1
  • postgresql94-pltcl-9.4.24-21.25.1
  • postgresql94-server-9.4.24-21.25.1

Description

A flaw was discovered in PostgreSQL versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker with EXECUTE permission on the function can execute arbitrary SQL as the owner of the function.


Affected products
SUSE Enterprise Storage 4:postgresql94-9.4.24-21.25.1
SUSE Enterprise Storage 4:postgresql94-contrib-9.4.24-21.25.1
SUSE Enterprise Storage 4:postgresql94-docs-9.4.24-21.25.1
SUSE Enterprise Storage 4:postgresql94-plperl-9.4.24-21.25.1
