SUSE-SU-2018:3909-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:3909-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2018:3909-1

Related

CVE-2018-10915

Published

2018-11-26T16:45:52Z

Modified

2018-11-26T16:45:52Z

Summary

Security update for postgresql94

Details

This update for postgresql94 to 9.4.19 fixes the following security issue:

CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could have bypassed client-side connection security features, obtain access to higher privileged connections or potentially cause other impact SQL injection, by causing the PQescape() functions to malfunction (bsc#1104199).

A dump/restore is not required for this update unless you use the functions querytoxml, cursortoxml, cursortoxmlschema, querytoxmlschema, and querytoxmlandxmlschema. In this case please see the first entry of https://www.postgresql.org/docs/9.4/static/release-9-4-18.html

References

Affected packages

SUSE:OpenStack Cloud 7 / postgresql94

Package

Name: postgresql94
Purl: purl:rpm/suse/postgresql94&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.19-21.22.7

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94": "9.4.19-21.22.7",
            "postgresql94-contrib": "9.4.19-21.22.7",
            "postgresql94-docs": "9.4.19-21.22.7",
            "postgresql94-server": "9.4.19-21.22.7"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP1 / postgresql94

Package

Name: postgresql94
Purl: purl:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.19-21.22.7

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94": "9.4.19-21.22.7",
            "postgresql94-contrib": "9.4.19-21.22.7",
            "postgresql94-docs": "9.4.19-21.22.7",
            "postgresql94-server": "9.4.19-21.22.7"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP2 / postgresql94

Package

Name: postgresql94
Purl: purl:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.19-21.22.7

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94": "9.4.19-21.22.7",
            "postgresql94-contrib": "9.4.19-21.22.7",
            "postgresql94-docs": "9.4.19-21.22.7",
            "postgresql94-server": "9.4.19-21.22.7"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / postgresql94

Package

Name: postgresql94
Purl: purl:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.19-21.22.7

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94": "9.4.19-21.22.7",
            "postgresql94-contrib": "9.4.19-21.22.7",
            "postgresql94-docs": "9.4.19-21.22.7",
            "postgresql94-server": "9.4.19-21.22.7"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP1-LTSS / postgresql94

Package

Name: postgresql94
Purl: purl:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.19-21.22.7

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94": "9.4.19-21.22.7",
            "postgresql94-contrib": "9.4.19-21.22.7",
            "postgresql94-docs": "9.4.19-21.22.7",
            "postgresql94-server": "9.4.19-21.22.7"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-LTSS / postgresql94

Package

Name: postgresql94
Purl: purl:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.19-21.22.7

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94": "9.4.19-21.22.7",
            "postgresql94-contrib": "9.4.19-21.22.7",
            "postgresql94-docs": "9.4.19-21.22.7",
            "postgresql94-server": "9.4.19-21.22.7"
        }
    ]
}

SUSE:Enterprise Storage 4 / postgresql94

Package

Name: postgresql94
Purl: purl:rpm/suse/postgresql94&distro=SUSE%20Enterprise%20Storage%204

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.19-21.22.7

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94": "9.4.19-21.22.7",
            "postgresql94-contrib": "9.4.19-21.22.7",
            "postgresql94-docs": "9.4.19-21.22.7",
            "postgresql94-server": "9.4.19-21.22.7"
        }
    ]
}