Description
Security update for postgresql10
This update for postgresql10 fixes the following issues:
Security issue fixed:
- CVE-2019-10208: Fixed arbitrary SQL execution via a suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092).
This update was imported from the SUSE:SLE-15:Update update project.
Package list
openSUSE Leap 15.0
libecpg6-10.10-lp151.2.6.1
libecpg6-32bit-10.10-lp151.2.6.1
libpq5-10.10-lp151.2.6.1
libpq5-32bit-10.10-lp151.2.6.1
postgresql10-10.10-lp151.2.6.1
postgresql10-contrib-10.10-lp151.2.6.1
postgresql10-devel-10.10-lp151.2.6.1
postgresql10-docs-10.10-lp151.2.6.1
postgresql10-plperl-10.10-lp151.2.6.1
postgresql10-plpython-10.10-lp151.2.6.1
postgresql10-pltcl-10.10-lp151.2.6.1
postgresql10-server-10.10-lp151.2.6.1
postgresql10-test-10.10-lp151.2.6.1
openSUSE Leap 15.1
libecpg6-10.10-lp151.2.6.1
libecpg6-32bit-10.10-lp151.2.6.1
libpq5-10.10-lp151.2.6.1
libpq5-32bit-10.10-lp151.2.6.1
postgresql10-10.10-lp151.2.6.1
postgresql10-contrib-10.10-lp151.2.6.1
postgresql10-devel-10.10-lp151.2.6.1
postgresql10-docs-10.10-lp151.2.6.1
postgresql10-plperl-10.10-lp151.2.6.1
postgresql10-plpython-10.10-lp151.2.6.1
postgresql10-pltcl-10.10-lp151.2.6.1
postgresql10-server-10.10-lp151.2.6.1
postgresql10-test-10.10-lp151.2.6.1
References
- E-Mail link for openSUSE-SU-2019:2062-1
- SUSE Security Ratings
- SUSE Bug 1145092
- SUSE CVE CVE-2019-10208 page
Description
A flaw was discovered in PostgreSQL versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker with EXECUTE permission on the function can execute arbitrary SQL as the owner of the function.
Affected products
openSUSE Leap 15.0:libecpg6-10.10-lp151.2.6.1
openSUSE Leap 15.0:libecpg6-32bit-10.10-lp151.2.6.1
openSUSE Leap 15.0:libpq5-10.10-lp151.2.6.1
openSUSE Leap 15.0:libpq5-32bit-10.10-lp151.2.6.1
References
- CVE-2019-10208
- SUSE Bug 1145092
- SUSE Bug 1171566