exploitDog

SUSE-SU-2019:2707-1

Published: 17 Oct 2019
Source: suse-cvrf

Description

Security update for postgresql10

This update for postgresql10 fixes the following issues:

Security issue fixed:

  • CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092).

Package list

Container suse/postgres:10
  • postgresql10-10.10-8.6.1
  • postgresql10-server-10.10-8.6.1

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server
  • libpq5-10.10-8.6.1
  • postgresql10-10.10-8.6.1
  • postgresql10-contrib-10.10-8.6.1
  • postgresql10-server-10.10-8.6.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server
  • libpq5-10.10-8.6.1
  • postgresql10-10.10-8.6.1
  • postgresql10-contrib-10.10-8.6.1
  • postgresql10-server-10.10-8.6.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server
  • libpq5-10.10-8.6.1
  • postgresql10-10.10-8.6.1
  • postgresql10-contrib-10.10-8.6.1
  • postgresql10-server-10.10-8.6.1

SUSE Linux Enterprise Module for Basesystem 15 SP1
  • libpq5-10.10-8.6.1
  • postgresql10-10.10-8.6.1

SUSE Linux Enterprise Module for Server Applications 15 SP1
  • libecpg6-10.10-8.6.1
  • postgresql10-contrib-10.10-8.6.1
  • postgresql10-devel-10.10-8.6.1
  • postgresql10-docs-10.10-8.6.1
  • postgresql10-plperl-10.10-8.6.1
  • postgresql10-plpython-10.10-8.6.1
  • postgresql10-pltcl-10.10-8.6.1
  • postgresql10-server-10.10-8.6.1

Description

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.


Affected products
Container suse/postgres:10:postgresql10-10.10-8.6.1
Container suse/postgres:10:postgresql10-server-10.10-8.6.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server:libpq5-10.10-8.6.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server:postgresql10-10.10-8.6.1

References