Oval Definition:	oval:org.opensuse.security:def:56636
Revision Date: 2020-12-01 Version: 1 Title: Security update for postgresql96 (Important) Description: This update for postgresql96 to 9.6.10 fixes the following issues: These security issues were fixed: - CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could have bypassed client-side connection security features, obtain access to higher privileged connections or potentially cause other impact SQL injection, by causing the PQescape() functions to malfunction (bsc#1104199) - CVE-2018-10925: Add missing authorization check on certain statements involved with 'INSERT ... ON CONFLICT DO UPDATE'. An attacker with 'CREATE TABLE' privileges could have exploited this to read arbitrary bytes server memory. If the attacker also had certain 'INSERT' and limited 'UPDATE' privileges to a particular table, they could have exploited this to update other columns in the same table (bsc#1104202) For addition details please see https://www.postgresql.org/docs/current/static/release-9-6-10.html Family: unix Class: patch Status: Reference(s): 1002991 1002995 1002998 1003000 1003002 1003012 1003017 1003023 1027282 1036304 1038564 1041090 1042670 1042892 1045735 1049825 1052311 1052368 1070851 1073269 1073748 1076192 1078326 1078485 1079334 1081294 1081750 1084650 1086001 1086730 1088705 1091624 1092413 1096803 1099847 1100028 1101349 1102429 1104076 1104199 1104202 1109412 1109413 1109414 1109893 1110542 1111056 1111319 1111996 1112534 1112535 1112911 1113247 1113252 1113255 1113296 1116827 1116995 1118830 1118831 1120629 1120630 1120631 1120640 1121034 1121035 1121056 1127155 1129180 1131823 1131863 1133131 1133232 1134156 1134226 1137977 1140039 1140359 1141913 1142772 1145521 1146882 1146884 1149792 1153674 1153830 1155094 1159035 1162224 1162367 1162825 1165894 1170411 1171561 945401 952062 968849 971328 CVE-2013-0211 CVE-2015-2304 CVE-2015-8025 CVE-2015-8918 CVE-2015-8919 CVE-2015-8920 CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8924 CVE-2015-8925 CVE-2015-8926 CVE-2015-8928 CVE-2015-8929 CVE-2015-8930 CVE-2015-8931 CVE-2015-8932 CVE-2015-8933 CVE-2015-8934 CVE-2016-1541 CVE-2016-2098 CVE-2016-2315 CVE-2016-2324 CVE-2016-4300 CVE-2016-4301 CVE-2016-4302 CVE-2016-4809 CVE-2016-5407 CVE-2016-7942 CVE-2016-7944 CVE-2016-7945 CVE-2016-7946 CVE-2016-7947 CVE-2016-7948 CVE-2016-7949 CVE-2016-7950 CVE-2016-7951 CVE-2016-7952 CVE-2016-7953 CVE-2017-1000112 CVE-2017-8890 CVE-2017-9242 CVE-2017-9269 CVE-2018-1000140 CVE-2018-1000876 CVE-2018-10915 CVE-2018-10925 CVE-2018-12472 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2018-7169 CVE-2018-7685 CVE-2019-1010180 CVE-2019-12973 CVE-2019-14287 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 CVE-2019-18348 CVE-2019-3835 CVE-2019-3839 CVE-2019-9674 CVE-2020-8492 SUSE-SU-2015:2053-2 SUSE-SU-2016:0796-1 SUSE-SU-2016:0867-1 SUSE-SU-2016:2505-1 SUSE-SU-2017:2447-1 SUSE-SU-2018:0662-1 SUSE-SU-2018:0828-1 SUSE-SU-2018:2716-1 SUSE-SU-2018:3377-1 SUSE-SU-2018:3467-1 SUSE-SU-2019:2265-1 SUSE-SU-2019:2478-1 SUSE-SU-2019:2650-1 SUSE-SU-2019:2667-1 SUSE-SU-2020:1524-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information gpgme-1.10.0-lp150.2 is installed OR libgpgme11-1.10.0-lp150.2 is installed OR libgpgmepp6-1.10.0-lp150.2 is installed OR libqgpgme7-1.10.0-lp150.2 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libu2f-host-1.1.6-lp151.2.3 is installed OR libu2f-host-devel-1.1.6-lp151.2.3 is installed OR libu2f-host-doc-1.1.6-lp151.2.3 is installed OR libu2f-host0-1.1.6-lp151.2.3 is installed OR u2f-host-1.1.6-lp151.2.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information postgresql96-9.6.10-3.22 is installed OR postgresql96-libs-9.6.10-3.22 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information xscreensaver-5.22-7 is installed OR xscreensaver-data-5.22-7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_51-default-2-2 is installed OR kgraft-patch-3_12_74-60_64_51-xen-2-2 is installed OR kgraft-patch-SLE12-SP1_Update_18-2-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND libarchive13-3.1.2-22 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information MozillaFirefox-68.6.1-109.113 is installed OR MozillaFirefox-devel-68.6.1-109.113 is installed OR MozillaFirefox-translations-common-68.6.1-109.113 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_90-92_50-default-11-2 is installed OR kgraft-patch-SLE12-SP2_Update_15-11-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_74-92_29-default-12-2 is installed OR kgraft-patch-SLE12-SP2_Update_10-12-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information file-5.19-9 is installed OR file-magic-5.19-9 is installed OR libmagic1-5.19-9 is installed OR libmagic1-32bit-5.19-9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information ceph-12.2.13+git.1592168685.85110a3e9d-2.50 is installed OR ceph-common-12.2.13+git.1592168685.85110a3e9d-2.50 is installed OR libcephfs2-12.2.13+git.1592168685.85110a3e9d-2.50 is installed OR librados2-12.2.13+git.1592168685.85110a3e9d-2.50 is installed OR libradosstriper1-12.2.13+git.1592168685.85110a3e9d-2.50 is installed OR librbd1-12.2.13+git.1592168685.85110a3e9d-2.50 is installed OR librgw2-12.2.13+git.1592168685.85110a3e9d-2.50 is installed OR python-cephfs-12.2.13+git.1592168685.85110a3e9d-2.50 is installed OR python-rados-12.2.13+git.1592168685.85110a3e9d-2.50 is installed OR python-rbd-12.2.13+git.1592168685.85110a3e9d-2.50 is installed OR python-rgw-12.2.13+git.1592168685.85110a3e9d-2.50 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information libexif-0.6.21-8.6 is installed OR libexif12-0.6.21-8.6 is installed OR libexif12-32bit-0.6.21-8.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information curl-7.60.0-2 is installed OR libcurl4-7.60.0-2 is installed OR libcurl4-32bit-7.60.0-2 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND Package Information ruby2.1-rubygem-actionview-4_2-4.2.2-8 is installed OR rubygem-actionview-4_2-4.2.2-8 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information libzypp-16.17.20-27.52 is installed OR zypper-1.13.45-18.33 is installed OR zypper-log-1.13.45-18.33 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information crowbar-core-5.0+git.1569597589.1f025c557-3.32 is installed OR crowbar-core-branding-upstream-5.0+git.1569597589.1f025c557-3.32 is installed OR crowbar-ha-5.0+git.1567673535.607aada-3.26 is installed OR crowbar-openstack-5.0+git.1570141351.058c8bd44-4.31 is installed OR crowbar-ui-1.2.0+git.1568396400.0344a727-3.12 is installed OR galera-3-25.3.25-4.6 is installed OR galera-3-wsrep-provider-25.3.25-4.6 is installed OR grafana-4.6.5-4.6 is installed OR libmariadb3-3.1.2-3.12 is installed OR mariadb-10.2.25-4.14 is installed OR mariadb-client-10.2.25-4.14 is installed OR mariadb-connector-c-3.1.2-3.12 is installed OR mariadb-errormessages-10.2.25-4.14 is installed OR mariadb-galera-10.2.25-4.14 is installed OR mariadb-tools-10.2.25-4.14 is installed OR novnc-1.0.0-3.6 is installed OR openstack-cinder-11.2.3~dev16-3.21 is installed OR openstack-cinder-api-11.2.3~dev16-3.21 is installed OR openstack-cinder-backup-11.2.3~dev16-3.21 is installed OR openstack-cinder-doc-11.2.3~dev16-3.21 is installed OR openstack-cinder-scheduler-11.2.3~dev16-3.21 is installed OR openstack-cinder-volume-11.2.3~dev16-3.21 is installed OR openstack-glance-15.0.3~dev3-3.12 is installed OR openstack-glance-api-15.0.3~dev3-3.12 is installed OR openstack-glance-doc-15.0.3~dev3-3.12 is installed OR openstack-glance-registry-15.0.3~dev3-3.12 is installed OR openstack-heat-9.0.8~dev13-3.24 is installed OR openstack-heat-api-9.0.8~dev13-3.24 is installed OR openstack-heat-api-cfn-9.0.8~dev13-3.24 is installed OR openstack-heat-api-cloudwatch-9.0.8~dev13-3.24 is installed OR openstack-heat-doc-9.0.8~dev13-3.24 is installed OR openstack-heat-engine-9.0.8~dev13-3.24 is installed OR openstack-heat-plugin-heat_docker-9.0.8~dev13-3.24 is installed OR openstack-heat-test-9.0.8~dev13-3.24 is installed OR openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6 is installed OR openstack-keystone-12.0.4~dev4-5.27 is installed OR openstack-keystone-doc-12.0.4~dev4-5.27 is installed OR openstack-monasca-installer-20190923_16.32-3.9 is installed OR openstack-neutron-11.0.9~dev51-3.24 is installed OR openstack-neutron-dhcp-agent-11.0.9~dev51-3.24 is installed OR openstack-neutron-doc-11.0.9~dev51-3.24 is installed OR openstack-neutron-gbp-7.3.1~dev56-3.9 is installed OR openstack-neutron-ha-tool-11.0.9~dev51-3.24 is installed OR openstack-neutron-l3-agent-11.0.9~dev51-3.24 is installed OR openstack-neutron-lbaas-11.0.4~dev6-3.15 is installed OR openstack-neutron-lbaas-agent-11.0.4~dev6-3.15 is installed OR openstack-neutron-lbaas-doc-11.0.4~dev6-3.15 is installed OR openstack-neutron-linuxbridge-agent-11.0.9~dev51-3.24 is installed OR openstack-neutron-macvtap-agent-11.0.9~dev51-3.24 is installed OR openstack-neutron-metadata-agent-11.0.9~dev51-3.24 is installed OR openstack-neutron-metering-agent-11.0.9~dev51-3.24 is installed OR openstack-neutron-openvswitch-agent-11.0.9~dev51-3.24 is installed OR openstack-neutron-server-11.0.9~dev51-3.24 is installed OR openstack-nova-16.1.9~dev7-3.29 is installed OR openstack-nova-api-16.1.9~dev7-3.29 is installed OR openstack-nova-cells-16.1.9~dev7-3.29 is installed OR openstack-nova-compute-16.1.9~dev7-3.29 is installed OR openstack-nova-conductor-16.1.9~dev7-3.29 is installed OR openstack-nova-console-16.1.9~dev7-3.29 is installed OR openstack-nova-consoleauth-16.1.9~dev7-3.29 is installed OR openstack-nova-doc-16.1.9~dev7-3.29 is installed OR openstack-nova-novncproxy-16.1.9~dev7-3.29 is installed OR openstack-nova-placement-api-16.1.9~dev7-3.29 is installed OR openstack-nova-scheduler-16.1.9~dev7-3.29 is installed OR openstack-nova-serialproxy-16.1.9~dev7-3.29 is installed OR openstack-nova-vncproxy-16.1.9~dev7-3.29 is installed OR python-amqp-2.2.2-3.6 is installed OR python-cinder-11.2.3~dev16-3.21 is installed OR python-glance-15.0.3~dev3-3.12 is installed OR python-heat-9.0.8~dev13-3.24 is installed OR python-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6 is installed OR python-keystone-12.0.4~dev4-5.27 is installed OR python-neutron-11.0.9~dev51-3.24 is installed OR python-neutron-gbp-7.3.1~dev56-3.9 is installed OR python-neutron-lbaas-11.0.4~dev6-3.15 is installed OR python-nova-16.1.9~dev7-3.29 is installed OR python-ovs-2.7.2-3.6 is installed OR python-pysaml2-4.0.2-5.3 is installed OR python-urllib3-1.22-5.9 is installed OR release-notes-suse-openstack-cloud-8.20190911-3.20 is installed OR ruby2.1-rubygem-easy_diff-1.0.0-3.4 is installed OR rubygem-easy_diff-1.0.0-3.4 is installed
BACK