
openSUSE Leap 42.3: 2018:1709-1 Moderate: PostgreSQL Security Issue

June 16, 2018
An update of PostgreSQL to version 9.6.9 has been issued for openSUSE Leap 42.3. It fixes one security vulnerability, CVE-2018-1115.
An update that fixes one vulnerability is now available.

Description

PostgreSQL was updated to 9.6.9 fixing bugs and security issues:

Release notes:

- https://www.postgresql.org/about/news/postgresql-104-969-9513-9418-and-9323-released-1851/

- https://www.postgresql.org/docs/9.6/release-9-6-9.html

A dump/restore is not required for those running 9.6.X. However, if you use the adminpack extension, you should update it as per the first changelog entry below. Also, if the function marking mistakes mentioned in the second and third changelog entries below affect you, you will want to take steps to correct your database catalogs.

Security issue fixed:

- CVE-2018-1115: Remove public execute privilege from contrib/adminpack's pg_logfile_rotate() function. pg_logfile_rotate() is a deprecated wrapper for the core function pg_rotate_logfile(). When that function was changed to rely on SQL privileges for access control rather than a hard-coded superuser check, pg_logfile_rotate() should have been updated


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-638=1
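
Installing the packages does not change the privileges already recorded in a database's catalogs. The following check is an added example, not part of the original advisory: run it with psql as a superuser in each database to see whether adminpack is installed and whether PUBLIC still holds EXECUTE on pg_logfile_rotate(). The ALTER EXTENSION step is the one the upstream 9.6.9 release notes give for CVE-2018-1115.

```sql
-- Added example: post-update check for CVE-2018-1115.
-- Run once per database; extensions and function ACLs are per-database.

-- 1. Is adminpack installed here, and at which extension version?
--    No row returned means adminpack is not installed in this database.
SELECT extname, extversion
FROM pg_extension
WHERE extname = 'adminpack';

-- 2. Does the PUBLIC pseudo-role still hold EXECUTE on pg_logfile_rotate()?
--    A NULL proacl means "default privileges", which for functions
--    includes EXECUTE for PUBLIC, so expand the default ACL in that case.
--    In aclexplode() output, grantee = 0 denotes PUBLIC.
SELECT p.oid::regprocedure AS function_signature,
       p.proacl            AS stored_acl,
       EXISTS (
           SELECT 1
           FROM aclexplode(coalesce(p.proacl,
                                    acldefault('f', p.proowner))) AS a
           WHERE a.grantee = 0
             AND a.privilege_type = 'EXECUTE'
       )                   AS public_can_execute
FROM pg_proc AS p
WHERE p.proname = 'pg_logfile_rotate';

-- 3. If public_can_execute is true, apply the extension update so the
--    privilege is revoked, then re-run query 2 to confirm it is false.
ALTER EXTENSION adminpack UPDATE;
```

A database where query 1 returns no row needs no further action for this CVE.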

Package List

- openSUSE Leap 42.3 (i586 x86_64):

libecpg6-9.6.9-18.1

libecpg6-debuginfo-9.6.9-18.1

libpq5-9.6.9-18.1

libpq5-debuginfo-9.6.9-18.1

postgresql96-9.6.9-18.1

postgresql96-contrib-9.6.9-18.1

postgresql96-contrib-debuginfo-9.6.9-18.1

postgresql96-debuginfo-9.6.9-18.1

postgresql96-debugsource-9.6.9-18.1

postgresql96-devel-9.6.9-18.1

postgresql96-devel-debuginfo-9.6.9-18.1

postgresql96-libs-debugsource-9.6.9-18.1

postgresql96-plperl-9.6.9-18.1

postgresql96-plperl-debuginfo-9.6.9-18.1

postgresql96-plpython-9.6.9-18.1

postgresql96-plpython-debuginfo-9.6.9-18.1

postgresql96-pltcl-9.6.9-18.1

postgresql96-pltcl-debuginfo-9.6.9-18.1

postgresql96-server-9.6.9-18.1

postgresql96-server-debuginfo-9.6.9-18.1

postgresql96-test-9.6.9-18.1

- openSUSE Leap 42.3 (x86_64):

libecpg6-32bit-9.6.9-18.1

libecpg6-debuginfo-32bit-9.6.9-18.1

libpq5-32bit-9.6.9-18.1

libpq5-debuginfo-32bit-9.6.9-18.1

- openSUSE Leap 42.3 (noarch):

postgresql96-docs-9.6.9-18.1

References

https://www.suse.com/security/cve/CVE-2018-1115.html

https://bugzilla.suse.com/1091610

--

Announcement ID: openSUSE-SU-2018:1709-1
Rating: moderate
Affected Products: openSUSE Leap 42.3
