Security update for postgresql96 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0765-1 Final 1 1 2018-03-21T18:55:51Z current 2018-03-21T18:55:51Z 2018-03-21T18:55:51Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for postgresql96 This update for postgresql96 fixes the following issues: Security issues fixed: - CVE-2018-1058: Fixed uncontrolled search path element in pg_dump and other client applications (bsc#1081925). Bug fixes: - See release notes for details: * https://www.postgresql.org/docs/9.6/static/release-9-6-8.html This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-03/msg00076.html E-Mail link for openSUSE-SU-2018:0765-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libecpg6-9.6.8-15.1 libecpg6-32bit-9.6.8-15.1 libpq5-9.6.8-15.1 libpq5-32bit-9.6.8-15.1 postgresql96-9.6.8-15.1 postgresql96-contrib-9.6.8-15.1 postgresql96-devel-9.6.8-15.1 postgresql96-docs-9.6.8-15.1 postgresql96-libs-9.6.8-15.1 postgresql96-plperl-9.6.8-15.1 postgresql96-plpython-9.6.8-15.1 postgresql96-pltcl-9.6.8-15.1 postgresql96-server-9.6.8-15.1 postgresql96-test-9.6.8-15.1 libecpg6-9.6.8-15.1 as a component of openSUSE Leap 42.3 libecpg6-32bit-9.6.8-15.1 as a component of openSUSE Leap 42.3 libpq5-9.6.8-15.1 as a component of openSUSE Leap 42.3 libpq5-32bit-9.6.8-15.1 as a component of openSUSE Leap 42.3 postgresql96-9.6.8-15.1 as a component of openSUSE Leap 42.3 postgresql96-contrib-9.6.8-15.1 as a component of openSUSE Leap 42.3 postgresql96-devel-9.6.8-15.1 as a component of openSUSE Leap 42.3 postgresql96-docs-9.6.8-15.1 as a component of openSUSE Leap 42.3 postgresql96-libs-9.6.8-15.1 as a component of openSUSE Leap 42.3 postgresql96-plperl-9.6.8-15.1 as a component of openSUSE Leap 42.3 postgresql96-plpython-9.6.8-15.1 as a component of openSUSE Leap 42.3 postgresql96-pltcl-9.6.8-15.1 as a component of openSUSE Leap 42.3 postgresql96-server-9.6.8-15.1 as a component of openSUSE Leap 42.3 postgresql96-test-9.6.8-15.1 as a component of openSUSE Leap 42.3 A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected. CVE-2018-1058 openSUSE Leap 42.3:libecpg6-32bit-9.6.8-15.1 openSUSE Leap 42.3:libecpg6-9.6.8-15.1 openSUSE Leap 42.3:libpq5-32bit-9.6.8-15.1 openSUSE Leap 42.3:libpq5-9.6.8-15.1 openSUSE Leap 42.3:postgresql96-9.6.8-15.1 openSUSE Leap 42.3:postgresql96-contrib-9.6.8-15.1 openSUSE Leap 42.3:postgresql96-devel-9.6.8-15.1 openSUSE Leap 42.3:postgresql96-docs-9.6.8-15.1 openSUSE Leap 42.3:postgresql96-libs-9.6.8-15.1 openSUSE Leap 42.3:postgresql96-plperl-9.6.8-15.1 openSUSE Leap 42.3:postgresql96-plpython-9.6.8-15.1 openSUSE Leap 42.3:postgresql96-pltcl-9.6.8-15.1 openSUSE Leap 42.3:postgresql96-server-9.6.8-15.1 openSUSE Leap 42.3:postgresql96-test-9.6.8-15.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-03/msg00076.html https://www.suse.com/security/cve/CVE-2018-1058.html CVE-2018-1058 https://bugzilla.suse.com/1081925 SUSE Bug 1081925 https://bugzilla.suse.com/1175193 SUSE Bug 1175193 https://bugzilla.suse.com/1175194 SUSE Bug 1175194