Description
Security update for postgresql10
This update for postgresql10 fixes the following issues:
Security issue fixed:
- CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092).
Package list
SUSE Linux Enterprise Module for Basesystem 15
libpq5-10.10-4.16.1
postgresql10-10.10-4.16.1
SUSE Linux Enterprise Module for Package Hub 15
postgresql10-test-10.10-4.16.1
SUSE Linux Enterprise Module for Server Applications 15
libecpg6-10.10-4.16.1
postgresql10-contrib-10.10-4.16.1
postgresql10-devel-10.10-4.16.1
postgresql10-docs-10.10-4.16.1
postgresql10-plperl-10.10-4.16.1
postgresql10-plpython-10.10-4.16.1
postgresql10-pltcl-10.10-4.16.1
postgresql10-server-10.10-4.16.1
References
- Link for SUSE-SU-2019:2228-1
- E-Mail link for SUSE-SU-2019:2228-1
- SUSE Security Ratings
- SUSE Bug 1145092
- SUSE CVE CVE-2019-10208 page
Description
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
Affected products
SUSE Linux Enterprise Module for Basesystem 15:libpq5-10.10-4.16.1
SUSE Linux Enterprise Module for Basesystem 15:postgresql10-10.10-4.16.1
SUSE Linux Enterprise Module for Package Hub 15:postgresql10-test-10.10-4.16.1
SUSE Linux Enterprise Module for Server Applications 15:libecpg6-10.10-4.16.1
References
- CVE-2019-10208
- SUSE Bug 1145092
- SUSE Bug 1171566