Oval Definition:oval:org.opensuse.security:def:201712172
Revision Date:2022-05-22Version:1
Title:CVE-2017-12172
Description:

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2017-12172
SUSE-SU-2018:0077-1
SUSE-SU-2018:0081-1
openSUSE-SU-2018:0095-1
Mitre CVE-2017-12172
SUSE CVE-2017-12172
SUSE-SU-2018:0077-1
SUSE-SU-2018:0081-1
openSUSE-SU-2018:0095-1
Platform(s):openSUSE Leap 42.2
openSUSE Leap 42.3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 11 SP1-TERADATA
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 11 SP1-TERADATA
SUSE Linux Enterprise Server for SAP Applications 11 SP3-TERADATA
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Linux Enterprise Software Development Kit 12 SP2
Product(s):
Definition Synopsis
  • openSUSE Leap 42.2 is installed
  • AND Package Information
  • postgresql94-9.4.15-9.12.1 is installed
  • AND postgresql94 is signed with openSUSE key
  • OR
  • postgresql94-contrib-9.4.15-9.12.1 is installed
  • AND postgresql94-contrib is signed with openSUSE key
  • OR
  • postgresql94-devel-9.4.15-9.12.1 is installed
  • AND postgresql94-devel is signed with openSUSE key
  • OR
  • postgresql94-docs-9.4.15-9.12.1 is installed
  • AND postgresql94-docs is signed with openSUSE key
  • OR
  • postgresql94-libs-9.4.15-9.12.1 is installed
  • AND postgresql94-libs is signed with openSUSE key
  • OR
  • postgresql94-plperl-9.4.15-9.12.1 is installed
  • AND postgresql94-plperl is signed with openSUSE key
  • OR
  • postgresql94-plpython-9.4.15-9.12.1 is installed
  • AND postgresql94-plpython is signed with openSUSE key
  • OR
  • postgresql94-pltcl-9.4.15-9.12.1 is installed
  • AND postgresql94-pltcl is signed with openSUSE key
  • OR
  • postgresql94-server-9.4.15-9.12.1 is installed
  • AND postgresql94-server is signed with openSUSE key
  • OR
  • postgresql94-test-9.4.15-9.12.1 is installed
  • AND postgresql94-test is signed with openSUSE key
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • AND Package Information
  • libecpg6-9.4.15-0.23.10 is installed
  • OR libpq5-9.4.15-0.23.10 is installed
  • OR libpq5-32bit-9.4.15-0.23.10 is installed
  • OR postgresql94-9.4.15-0.23.10 is installed
  • OR postgresql94-contrib-9.4.15-0.23.10 is installed
  • OR postgresql94-docs-9.4.15-0.23.10 is installed
  • OR postgresql94-libs-9.4.15-0.23.10 is installed
  • OR postgresql94-server-9.4.15-0.23.10 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND postgresql94-9.4.15-21.13.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • AND
  • libecpg6-9.4.15-0.23.10 is installed
  • OR libpq5-9.4.15-0.23.10 is installed
  • OR libpq5-32bit-9.4.15-0.23.10 is installed
  • OR postgresql94-9.4.15-0.23.10 is installed
  • OR postgresql94-contrib-9.4.15-0.23.10 is installed
  • OR postgresql94-docs-9.4.15-0.23.10 is installed
  • OR postgresql94-libs-9.4.15-0.23.10 is installed
  • OR postgresql94-server-9.4.15-0.23.10 is installed
  • OR Package Information
  • SUSE Linux Enterprise Software Development Kit 11 SP4 is installed
  • AND
  • postgresql94-devel-9.4.15-0.23.10 is installed
  • OR postgresql94-libs-9.4.15-0.23.10 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND postgresql94-9.4.15-21.13 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND
  • postgresql94-9.4.15-21.13 is installed
  • OR postgresql94-contrib-9.4.15-21.13 is installed
  • OR postgresql94-docs-9.4.15-21.13 is installed
  • OR postgresql94-server-9.4.15-21.13 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND
  • postgresql94-9.4.15-21.13 is installed
  • OR postgresql94-contrib-9.4.15-21.13 is installed
  • OR postgresql94-docs-9.4.15-21.13 is installed
  • OR postgresql94-server-9.4.15-21.13 is installed
  • OR Package Information
  • SUSE Linux Enterprise Software Development Kit 12 SP2 is installed
  • AND
  • postgresql94-devel-9.4.15-21.13 is installed
  • OR postgresql94-libs-9.4.15-21.13 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND
  • postgresql94-9.4.15-21.13 is installed
  • OR postgresql94-contrib-9.4.15-21.13 is installed
  • OR postgresql94-docs-9.4.15-21.13 is installed
  • OR postgresql94-server-9.4.15-21.13 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND
  • postgresql94-9.4.15-21.13 is installed
  • OR postgresql94-contrib-9.4.15-21.13 is installed
  • OR postgresql94-docs-9.4.15-21.13 is installed
  • OR postgresql94-server-9.4.15-21.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • postgresql94-9.4.15-21.13.1 is installed
  • OR postgresql94-contrib-9.4.15-21.13.1 is installed
  • OR postgresql94-docs-9.4.15-21.13.1 is installed
  • OR postgresql94-server-9.4.15-21.13.1 is installed
  • OR postgresql-init is not affected
    • Definition Synopsis
  • openSUSE Leap 42.3 is installed
  • AND Package Information
  • postgresql94-9.4.15-15 is installed
  • AND postgresql94 is signed with openSUSE key
  • OR
  • postgresql94-contrib-9.4.15-15 is installed
  • AND postgresql94-contrib is signed with openSUSE key
  • OR
  • postgresql94-devel-9.4.15-15 is installed
  • AND postgresql94-devel is signed with openSUSE key
  • OR
  • postgresql94-docs-9.4.15-15 is installed
  • AND postgresql94-docs is signed with openSUSE key
  • OR
  • postgresql94-libs-9.4.15-15 is installed
  • AND postgresql94-libs is signed with openSUSE key
  • OR
  • postgresql94-plperl-9.4.15-15 is installed
  • AND postgresql94-plperl is signed with openSUSE key
  • OR
  • postgresql94-plpython-9.4.15-15 is installed
  • AND postgresql94-plpython is signed with openSUSE key
  • OR
  • postgresql94-pltcl-9.4.15-15 is installed
  • AND postgresql94-pltcl is signed with openSUSE key
  • OR
  • postgresql94-server-9.4.15-15 is installed
  • AND postgresql94-server is signed with openSUSE key
  • OR
  • postgresql94-test-9.4.15-15 is installed
  • AND postgresql94-test is signed with openSUSE key
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Software Development Kit 11 SP4 is installed
  • AND
  • postgresql94-devel-9.4.15-0.23.10 is installed
  • OR postgresql94-libs-9.4.15-0.23.10 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 11 SP4 is installed
  • AND
  • libecpg6-9.4.15-0.23.10 is installed
  • OR libpq5-9.4.15-0.23.10 is installed
  • OR libpq5-32bit-9.4.15-0.23.10 is installed
  • OR postgresql94-9.4.15-0.23.10 is installed
  • OR postgresql94-contrib-9.4.15-0.23.10 is installed
  • OR postgresql94-docs-9.4.15-0.23.10 is installed
  • OR postgresql94-libs-9.4.15-0.23.10 is installed
  • OR postgresql94-server-9.4.15-0.23.10 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND postgresql94-9.4.15-21.13 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • OR SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed
  • AND
  • postgresql94-9.4.15-21.13 is installed
  • OR postgresql94-contrib-9.4.15-21.13 is installed
  • OR postgresql94-docs-9.4.15-21.13 is installed
  • OR postgresql94-server-9.4.15-21.13 is installed
  • OR Package Information
  • SUSE Linux Enterprise Software Development Kit 12 SP2 is installed
  • AND
  • postgresql94-devel-9.4.15-21.13 is installed
  • OR postgresql94-libs-9.4.15-21.13 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 11 SP4 is installed
  • AND Package Information
  • libecpg6-9.4.15-0.23.10 is installed
  • OR libpq5-9.4.15-0.23.10 is installed
  • OR libpq5-32bit-9.4.15-0.23.10 is installed
  • OR postgresql94-9.4.15-0.23.10 is installed
  • OR postgresql94-contrib-9.4.15-0.23.10 is installed
  • OR postgresql94-docs-9.4.15-0.23.10 is installed
  • OR postgresql94-libs-9.4.15-0.23.10 is installed
  • OR postgresql94-server-9.4.15-0.23.10 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • OR SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed
  • AND Package Information
  • postgresql94-9.4.15-21.13 is installed
  • OR postgresql94-contrib-9.4.15-21.13 is installed
  • OR postgresql94-docs-9.4.15-21.13 is installed
  • OR postgresql94-server-9.4.15-21.13 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Software Development Kit 11 SP4 is installed
  • AND
  • postgresql94-devel-9.4.15-0.23.10 is installed
  • OR postgresql94-libs-9.4.15-0.23.10 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 11 SP1-TERADATA is installed
  • OR SUSE Linux Enterprise Server 11 SP3-TERADATA is installed
  • OR SUSE Linux Enterprise Server 11 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 11 SP1-TERADATA is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 11 SP3-TERADATA is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 11 SP4 is installed
  • AND
  • libecpg6-9.4.15-0.23.10 is installed
  • OR libpq5-9.4.15-0.23.10 is installed
  • OR libpq5-32bit-9.4.15-0.23.10 is installed
  • OR postgresql94-9.4.15-0.23.10 is installed
  • OR postgresql94-contrib-9.4.15-0.23.10 is installed
  • OR postgresql94-docs-9.4.15-0.23.10 is installed
  • OR postgresql94-libs-9.4.15-0.23.10 is installed
  • OR postgresql94-server-9.4.15-0.23.10 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP3-TERADATA is installed
  • AND Package Information
  • libecpg6-9.4.15-0.23.10 is installed
  • OR libpq5-9.4.15-0.23.10 is installed
  • OR libpq5-32bit-9.4.15-0.23.10 is installed
  • OR postgresql94-9.4.15-0.23.10 is installed
  • OR postgresql94-contrib-9.4.15-0.23.10 is installed
  • OR postgresql94-docs-9.4.15-0.23.10 is installed
  • OR postgresql94-libs-9.4.15-0.23.10 is installed
  • OR postgresql94-server-9.4.15-0.23.10 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Software Development Kit 11 SP4 is installed
  • AND postgresql94-devel-9.4.15-0.23.10.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 11 SP1-TERADATA is installed
  • OR SUSE Linux Enterprise Server 11 SP3-TERADATA is installed
  • AND
  • libecpg6-9.4.15-0.23.10.1 is installed
  • OR libpq5-9.4.15-0.23.10.1 is installed
  • OR libpq5-32bit-9.4.15-0.23.10.1 is installed
  • OR postgresql94-9.4.15-0.23.10.1 is installed
  • OR postgresql94-contrib-9.4.15-0.23.10.1 is installed
  • OR postgresql94-docs-9.4.15-0.23.10.1 is installed
  • OR postgresql94-server-9.4.15-0.23.10.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • AND
  • libecpg6-9.4.15-0.23.10.1 is installed
  • OR libpq5-9.4.15-0.23.10.1 is installed
  • OR libpq5-32bit-9.4.15-0.23.10.1 is installed
  • OR postgresql94-9.4.15-0.23.10.1 is installed
  • OR postgresql94-contrib-9.4.15-0.23.10.1 is installed
  • OR postgresql94-docs-9.4.15-0.23.10.1 is installed
  • OR postgresql94-server-9.4.15-0.23.10.1 is installed
  • OR postgresql-init is not affected
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 11 SP4 is installed
  • AND
  • libecpg6-9.4.15-0.23.10.1 is installed
  • OR libpq5-9.4.15-0.23.10.1 is installed
  • OR libpq5-32bit-9.4.15-0.23.10.1 is installed
  • OR postgresql94-9.4.15-0.23.10.1 is installed
  • OR postgresql94-contrib-9.4.15-0.23.10.1 is installed
  • OR postgresql94-docs-9.4.15-0.23.10.1 is installed
  • OR postgresql94-server-9.4.15-0.23.10.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND postgresql-init is not affected
  • OR Package Information
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND postgresql94-9.4.15-21.13.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Software Development Kit 12 SP2 is installed
  • AND postgresql94-devel-9.4.15-21.13.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND
  • postgresql94-9.4.15-21.13.1 is installed
  • OR postgresql94-contrib-9.4.15-21.13.1 is installed
  • OR postgresql94-docs-9.4.15-21.13.1 is installed
  • OR postgresql94-server-9.4.15-21.13.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND
  • postgresql94-9.4.15-21.13.1 is installed
  • OR postgresql94-contrib-9.4.15-21.13.1 is installed
  • OR postgresql94-docs-9.4.15-21.13.1 is installed
  • OR postgresql94-server-9.4.15-21.13.1 is installed
  • OR postgresql-init is not affected
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed
  • AND
  • postgresql94-9.4.15-21.13.1 is installed
  • OR postgresql94-contrib-9.4.15-21.13.1 is installed
  • OR postgresql94-docs-9.4.15-21.13.1 is installed
  • OR postgresql94-server-9.4.15-21.13.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 11 SP1-TERADATA is installed
  • OR SUSE Linux Enterprise Server 11 SP3-TERADATA is installed
  • AND
  • libecpg6-9.4.15-0.23.10.1 is installed
  • OR libpq5-9.4.15-0.23.10.1 is installed
  • OR libpq5-32bit-9.4.15-0.23.10.1 is installed
  • OR postgresql94-9.4.15-0.23.10.1 is installed
  • OR postgresql94-contrib-9.4.15-0.23.10.1 is installed
  • OR postgresql94-docs-9.4.15-0.23.10.1 is installed
  • OR postgresql94-server-9.4.15-0.23.10.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 11 SP4 is installed
  • AND
  • libecpg6-9.4.15-0.23.10.1 is installed
  • OR libpq5-9.4.15-0.23.10.1 is installed
  • OR libpq5-32bit-9.4.15-0.23.10.1 is installed
  • OR postgresql94-9.4.15-0.23.10.1 is installed
  • OR postgresql94-contrib-9.4.15-0.23.10.1 is installed
  • OR postgresql94-docs-9.4.15-0.23.10.1 is installed
  • OR postgresql94-server-9.4.15-0.23.10.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND postgresql-init is not affected
  • OR Package Information
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND
  • postgresql94-9.4.15-21.13.1 is installed
  • OR postgresql94-contrib-9.4.15-21.13.1 is installed
  • OR postgresql94-docs-9.4.15-21.13.1 is installed
  • OR postgresql94-server-9.4.15-21.13.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND
  • postgresql94-9.4.15-21.13.1 is installed
  • OR postgresql94-contrib-9.4.15-21.13.1 is installed
  • OR postgresql94-docs-9.4.15-21.13.1 is installed
  • OR postgresql94-server-9.4.15-21.13.1 is installed
  • OR postgresql-init is not affected
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed
  • AND
  • postgresql94-9.4.15-21.13.1 is installed
  • OR postgresql94-contrib-9.4.15-21.13.1 is installed
  • OR postgresql94-docs-9.4.15-21.13.1 is installed
  • OR postgresql94-server-9.4.15-21.13.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND postgresql-init is not affected
    • BACK