SUSE-SU-2019:2159-1

Опубликовано: 15 окт. 2019

Источник: suse-cvrf

Описание

Security update for postgresql96

This update for postgresql96 fixes the following issues:

Security issue fixed:

CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092).

Список пакетов

HPE Helion OpenStack 8

postgresql96-9.6.15-3.29.1

postgresql96-contrib-9.6.15-3.29.1

postgresql96-docs-9.6.15-3.29.1

postgresql96-plperl-9.6.15-3.29.1

postgresql96-plpython-9.6.15-3.29.1

postgresql96-pltcl-9.6.15-3.29.1

postgresql96-server-9.6.15-3.29.1

SUSE Enterprise Storage 4

postgresql96-9.6.15-3.29.1

postgresql96-contrib-9.6.15-3.29.1

postgresql96-docs-9.6.15-3.29.1

postgresql96-plperl-9.6.15-3.29.1

postgresql96-plpython-9.6.15-3.29.1

postgresql96-pltcl-9.6.15-3.29.1

postgresql96-server-9.6.15-3.29.1

SUSE Enterprise Storage 5

postgresql96-9.6.15-3.29.1

postgresql96-contrib-9.6.15-3.29.1

postgresql96-docs-9.6.15-3.29.1

postgresql96-plperl-9.6.15-3.29.1

postgresql96-plpython-9.6.15-3.29.1

postgresql96-pltcl-9.6.15-3.29.1

postgresql96-server-9.6.15-3.29.1

SUSE Linux Enterprise Server 12 SP1-LTSS

postgresql96-9.6.15-3.29.1

postgresql96-contrib-9.6.15-3.29.1

postgresql96-docs-9.6.15-3.29.1

postgresql96-plperl-9.6.15-3.29.1

postgresql96-plpython-9.6.15-3.29.1

postgresql96-pltcl-9.6.15-3.29.1

postgresql96-server-9.6.15-3.29.1

SUSE Linux Enterprise Server 12 SP2-BCL

postgresql96-9.6.15-3.29.1

postgresql96-contrib-9.6.15-3.29.1

postgresql96-docs-9.6.15-3.29.1

postgresql96-plperl-9.6.15-3.29.1

postgresql96-plpython-9.6.15-3.29.1

postgresql96-pltcl-9.6.15-3.29.1

postgresql96-server-9.6.15-3.29.1

SUSE Linux Enterprise Server 12 SP2-LTSS

postgresql96-9.6.15-3.29.1

postgresql96-contrib-9.6.15-3.29.1

postgresql96-docs-9.6.15-3.29.1

postgresql96-plperl-9.6.15-3.29.1

postgresql96-plpython-9.6.15-3.29.1

postgresql96-pltcl-9.6.15-3.29.1

postgresql96-server-9.6.15-3.29.1

SUSE Linux Enterprise Server 12 SP3-BCL

postgresql96-9.6.15-3.29.1

postgresql96-contrib-9.6.15-3.29.1

postgresql96-docs-9.6.15-3.29.1

postgresql96-plperl-9.6.15-3.29.1

postgresql96-plpython-9.6.15-3.29.1

postgresql96-pltcl-9.6.15-3.29.1

postgresql96-server-9.6.15-3.29.1

SUSE Linux Enterprise Server 12 SP3-LTSS

postgresql96-9.6.15-3.29.1

postgresql96-contrib-9.6.15-3.29.1

postgresql96-docs-9.6.15-3.29.1

postgresql96-plperl-9.6.15-3.29.1

postgresql96-plpython-9.6.15-3.29.1

postgresql96-pltcl-9.6.15-3.29.1

postgresql96-server-9.6.15-3.29.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1

postgresql96-9.6.15-3.29.1

postgresql96-contrib-9.6.15-3.29.1

postgresql96-docs-9.6.15-3.29.1

postgresql96-plperl-9.6.15-3.29.1

postgresql96-plpython-9.6.15-3.29.1

postgresql96-pltcl-9.6.15-3.29.1

postgresql96-server-9.6.15-3.29.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

postgresql96-9.6.15-3.29.1

postgresql96-contrib-9.6.15-3.29.1

postgresql96-docs-9.6.15-3.29.1

postgresql96-plperl-9.6.15-3.29.1

postgresql96-plpython-9.6.15-3.29.1

postgresql96-pltcl-9.6.15-3.29.1

postgresql96-server-9.6.15-3.29.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

postgresql96-9.6.15-3.29.1

postgresql96-contrib-9.6.15-3.29.1

postgresql96-docs-9.6.15-3.29.1

postgresql96-plperl-9.6.15-3.29.1

postgresql96-plpython-9.6.15-3.29.1

postgresql96-pltcl-9.6.15-3.29.1

postgresql96-server-9.6.15-3.29.1

SUSE OpenStack Cloud 7

postgresql96-9.6.15-3.29.1

postgresql96-contrib-9.6.15-3.29.1

postgresql96-docs-9.6.15-3.29.1

postgresql96-plperl-9.6.15-3.29.1

postgresql96-plpython-9.6.15-3.29.1

postgresql96-pltcl-9.6.15-3.29.1

postgresql96-server-9.6.15-3.29.1

SUSE OpenStack Cloud 8

postgresql96-9.6.15-3.29.1

postgresql96-contrib-9.6.15-3.29.1

postgresql96-docs-9.6.15-3.29.1

postgresql96-plperl-9.6.15-3.29.1

postgresql96-plpython-9.6.15-3.29.1

postgresql96-pltcl-9.6.15-3.29.1

postgresql96-server-9.6.15-3.29.1

SUSE OpenStack Cloud Crowbar 8

postgresql96-9.6.15-3.29.1

postgresql96-contrib-9.6.15-3.29.1

postgresql96-docs-9.6.15-3.29.1

postgresql96-plperl-9.6.15-3.29.1

postgresql96-plpython-9.6.15-3.29.1

postgresql96-pltcl-9.6.15-3.29.1

postgresql96-server-9.6.15-3.29.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20192159-1/
Link for SUSE-SU-2019:2159-1
https://lists.suse.com/pipermail/sle-security-updates/2019-August/005834.html
E-Mail link for SUSE-SU-2019:2159-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1145092
SUSE Bug 1145092
https://www.suse.com/security/cve/CVE-2019-10208/
SUSE CVE CVE-2019-10208 page

Описание

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.

Затронутые продукты

HPE Helion OpenStack 8:postgresql96-9.6.15-3.29.1

HPE Helion OpenStack 8:postgresql96-contrib-9.6.15-3.29.1

HPE Helion OpenStack 8:postgresql96-docs-9.6.15-3.29.1

HPE Helion OpenStack 8:postgresql96-plperl-9.6.15-3.29.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-10208.html
CVE-2019-10208
https://bugzilla.suse.com/1145092
SUSE Bug 1145092
https://bugzilla.suse.com/1171566
SUSE Bug 1171566

SUSE-SU-2019:2159-1

Описание

Список пакетов

HPE Helion OpenStack 8

SUSE Enterprise Storage 4

SUSE Enterprise Storage 5

SUSE Linux Enterprise Server 12 SP1-LTSS

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP2-LTSS

SUSE Linux Enterprise Server 12 SP3-BCL

SUSE Linux Enterprise Server 12 SP3-LTSS

SUSE Linux Enterprise Server for SAP Applications 12 SP1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE OpenStack Cloud 7

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud Crowbar 8

Ссылки

Уязвимость: CVE-2019-10208

Описание

Затронутые продукты

Ссылки