SUSE-SU-2018:3909-1

Source
https://www.suse.com/support/update/announcement/2018/suse-su-20183909-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:3909-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2018:3909-1
Published
2018-11-26T16:45:52Z
Modified
2018-11-26T16:45:52Z
Summary
Security update for postgresql94
Details

This update for postgresql94 to 9.4.19 fixes the following security issue:

  • CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could have bypassed client-side connection security features, obtained access to higher-privileged connections, or potentially caused other impact through SQL injection by causing the PQescape() functions to malfunction (bsc#1104199).

A dump/restore is not required for this update unless you use the functions query_to_xml, cursor_to_xml, cursor_to_xmlschema, query_to_xmlschema, and query_to_xml_and_xmlschema. In this case please see the first entry of https://www.postgresql.org/docs/9.4/static/release-9-4-18.html

Affected packages

SUSE:OpenStack Cloud 7 / postgresql94

Package

Name
postgresql94
Purl
purl:rpm/suse/postgresql94&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.4.19-21.22.7

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94": "9.4.19-21.22.7",
            "postgresql94-contrib": "9.4.19-21.22.7",
            "postgresql94-docs": "9.4.19-21.22.7",
            "postgresql94-server": "9.4.19-21.22.7"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP1 / postgresql94

Package

Name
postgresql94
Purl
purl:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.4.19-21.22.7

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94": "9.4.19-21.22.7",
            "postgresql94-contrib": "9.4.19-21.22.7",
            "postgresql94-docs": "9.4.19-21.22.7",
            "postgresql94-server": "9.4.19-21.22.7"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP2 / postgresql94

Package

Name
postgresql94
Purl
purl:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.4.19-21.22.7

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94": "9.4.19-21.22.7",
            "postgresql94-contrib": "9.4.19-21.22.7",
            "postgresql94-docs": "9.4.19-21.22.7",
            "postgresql94-server": "9.4.19-21.22.7"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / postgresql94

Package

Name
postgresql94
Purl
purl:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.4.19-21.22.7

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94": "9.4.19-21.22.7",
            "postgresql94-contrib": "9.4.19-21.22.7",
            "postgresql94-docs": "9.4.19-21.22.7",
            "postgresql94-server": "9.4.19-21.22.7"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP1-LTSS / postgresql94

Package

Name
postgresql94
Purl
purl:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.4.19-21.22.7

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94": "9.4.19-21.22.7",
            "postgresql94-contrib": "9.4.19-21.22.7",
            "postgresql94-docs": "9.4.19-21.22.7",
            "postgresql94-server": "9.4.19-21.22.7"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-LTSS / postgresql94

Package

Name
postgresql94
Purl
purl:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.4.19-21.22.7

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94": "9.4.19-21.22.7",
            "postgresql94-contrib": "9.4.19-21.22.7",
            "postgresql94-docs": "9.4.19-21.22.7",
            "postgresql94-server": "9.4.19-21.22.7"
        }
    ]
}

SUSE:Enterprise Storage 4 / postgresql94

Package

Name
postgresql94
Purl
purl:rpm/suse/postgresql94&distro=SUSE%20Enterprise%20Storage%204

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.4.19-21.22.7

Ecosystem specific

{
    "binaries": [
        {
            "postgresql94": "9.4.19-21.22.7",
            "postgresql94-contrib": "9.4.19-21.22.7",
            "postgresql94-docs": "9.4.19-21.22.7",
            "postgresql94-server": "9.4.19-21.22.7"
        }
    ]
}