Vulnerability CVE-2017-12172 - CERT Civis.Net

Vulnerability Name:

CVE-2017-12172 (CCN-134712)

Assigned:

2017-11-09

Published:

2017-11-09

Updated:

2019-10-09

Summary:

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.

CVSS v3 Severity:

6.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

6.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)
5.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2017-12172

Source: CCN
Type: IBM Security Bulletin T1026733 (PowerKVM)
Vulnerabilities in postgresql affect PowerKVM

Source: BID
Type: Third Party Advisory, VDB Entry
101949

Source: CCN
Type: BID-101949
PostgreSQL CVE-2017-12172 Remote Privilege Escalation Vulnerabilities

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1039752

Source: REDHAT
Type: Issue Tracking, Third Party Advisory
RHSA-2017:3402

Source: REDHAT
Type: Issue Tracking, Third Party Advisory
RHSA-2017:3403

Source: REDHAT
Type: Issue Tracking, Third Party Advisory
RHSA-2017:3404

Source: REDHAT
Type: Issue Tracking, Third Party Advisory
RHSA-2017:3405

Source: XF
Type: UNKNOWN
postgresql-cve201712172-sec-bypass(134712)

Source: CCN
Type: IBM Security Bulletin 888379 (Security Access Manager)
Multiple Security Vulnerabilities fixed in IBM Security Access Manager Appliance

Source: CCN
Type: PostgreSQL Web site
PostgreSQL 10.1, 9.6.6, 9.5.10, 9.4.15, 9.3.20, and 9.2.24 released!

Source: CONFIRM
Type: Issue Tracking, Vendor Advisory
https://www.postgresql.org/about/news/1801/

Source: MISC
Type: Issue Tracking, Vendor Advisory
https://www.postgresql.org/support/security/

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2017-12172

Vulnerable Configuration:

Configuration 1:

cpe:/a:postgresql:postgresql:9.2:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.1:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.2:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.3:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.4:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.5:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.6:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.7:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.8:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.9:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.10:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.11:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.12:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.13:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.14:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.15:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.16:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.17:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.18:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.19:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.20:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.21:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.22:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.23:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.1:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.2:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.3:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.4:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.5:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.6:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.7:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.8:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.9:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.10:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.11:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.12:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.13:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.14:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.15:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.16:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.17:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.18:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.19:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.4:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.4.1:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.4.2:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.4.3:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.4.4:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.4.5:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.4.6:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.4.7:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.4.8:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.4.9:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.4.10:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.4.11:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.4.12:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.4.13:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.4.14:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.5:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.5.1:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.5.2:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.5.3:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.5.4:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.5.5:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.5.6:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.5.7:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.5.8:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.5.9:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.6:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.6.1:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.6.2:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.6.3:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.6.4:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.6.5:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:10:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:postgresql:postgresql:10:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.6.5:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.5.9:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.4.14:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.3.19:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:9.2.23:*:*:*:*:*:*:*

AND

cpe:/a:ibm:powerkvm:3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_access_manager:9.0.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:security_access_manager_firmware:9.0.3:*:*:*:*:*:*:*

OR cpe:/o:ibm:security_access_manager_firmware:9.0.4:*:web:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:42323	P	Security update for gpg2 (Important)	2022-07-25
oval:org.opensuse.security:def:201712172	V	CVE-2017-12172	2022-05-22
oval:org.opensuse.security:def:58935	P	Security update for python-numpy (Moderate) (in QA)	2022-01-17
oval:org.opensuse.security:def:34679	P	Security update for python36-pip (Moderate)	2022-01-12
oval:org.opensuse.security:def:32290	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:30171	P	Security update for libsndfile (Important)	2022-01-05
oval:org.opensuse.security:def:34621	P	Security update for mariadb (Moderate)	2021-12-30
oval:org.opensuse.security:def:32251	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:20568	P	Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP5) (Important)	2021-12-14
oval:org.opensuse.security:def:30283	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:58885	P	Security update for gettext-runtime (Moderate)	2021-12-14
oval:org.opensuse.security:def:20654	P	Security update for sles12sp2-docker-image (Important)	2021-12-13
oval:org.opensuse.security:def:20987	P	Security update for php74 (Moderate)	2021-12-06
oval:org.opensuse.security:def:33998	P	Security update for samba (Important)	2021-11-19
oval:org.opensuse.security:def:42231	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:42220	P	Security update for xen (Moderate)	2021-10-21
oval:org.opensuse.security:def:58852	P	Security update for ncurses (Moderate)	2021-10-20
oval:org.opensuse.security:def:33987	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:20525	P	Security update for the Linux Kernel (Important)	2021-10-12
oval:org.opensuse.security:def:29433	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:43092	P	Security update for MozillaFirefox (Important)	2021-10-01
oval:org.opensuse.security:def:42219	P	Security update for libtpms (Important)	2021-09-21
oval:org.opensuse.security:def:58814	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:31248	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:15049	P	libpcre1-32bit-8.39-8.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14884	P	expat-2.1.0-21.9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14729	P	perl-Config-IniFiles-2.82-3.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15096	P	libvirt-5.1.0-11.10 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14904	P	gnome-shell-3.20.4-77.23.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14737	P	policycoreutils-2.5-10.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15107	P	libxml2-2-2.9.4-46.20.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14928	P	jakarta-commons-fileupload-1.1.1-122.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14763	P	rzsz-0.12.21~rc-1001.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15123	P	mozilla-nspr-32bit-4.21-19.9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15022	P	libldb1-1.5.4-1.28 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14833	P	apache2-mod_perl-2.0.8-11.43 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:32974	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:57970	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:34462	P	Security update for caribou (Important)	2021-06-10
oval:org.opensuse.security:def:17284	P	libwebkit2gtk3-lang-2.20.3-2.23.8 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15761	P	hplip-devel-3.14.6-3.14 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12395	P	alsa-1.0.27.2-15.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12234	P	libneon27-0.30.0-3.65 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:30208	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:12104	P	evince-3.20.1-5.66 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15784	P	libXv-devel-1.0.10-3.57 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12404	P	bind-utils-9.11.2-1.24 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12253	P	libpulse-mainloop-glib0-32bit-5.0-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42584	P	libarchive2-2.5.5-5.19 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12126	P	gnome-shell-3.20.4-76.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17242	P	gwenhywfar-lang-4.9.0beta-3.3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12417	P	cpp48-4.8.5-31.17.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12328	P	puppet-3.8.5-14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42653	P	mutt-1.5.17-42.39.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12172	P	libXi6-1.7.4-17.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36300	P	sudo-1.7.6p2-0.23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12353	P	sudo-1.8.20p2-1.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17250	P	libIlmImf-Imf_2_1-21-32bit-2.1.0-6.3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12219	P	libkde4-32bit-4.12.0-10.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12096	P	dracut-044-113.10 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36342	P	yast2-2.17.140-1.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:30194	P	Security update for the Linux Kernel (Important)	2021-05-17
oval:org.opensuse.security:def:58738	P	Security update for libxml2 (Moderate)	2021-05-05
oval:org.opensuse.security:def:38779	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:31613	P	Security update for tomcat (Important)	2021-04-29
oval:org.opensuse.security:def:31161	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:30062	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:29489	P	Security update for nghttp2 (Important)	2021-03-24
oval:org.opensuse.security:def:54776	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:28950	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:57556	P	Security update for java-1_8_0-openjdk (Moderate)	2021-02-19
oval:org.opensuse.security:def:35284	P	Security update for ImageMagick (Moderate)	2021-02-19
oval:org.opensuse.security:def:43172	P	Security update for bind (Important)	2021-02-18
oval:org.opensuse.security:def:29472	P	Security update for java-1_7_1-ibm (Important)	2021-02-18
oval:org.opensuse.security:def:58079	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:33069	P	Security update for python36 (Important)	2021-02-10
oval:org.opensuse.security:def:20533	P	Security update for the Linux Kernel (Important)	2021-02-09
oval:org.opensuse.security:def:33986	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:29384	P	Security update for ImageMagick (Important)	2021-01-22
oval:org.opensuse.security:def:32839	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:31569	P	Security update for clamav (Important)	2020-12-22
oval:org.opensuse.security:def:57389	P	Security update for python (Important)	2020-12-11
oval:org.opensuse.security:def:58645	P	Security update for python-cryptography (Moderate)	2020-12-04
oval:org.opensuse.security:def:35591	P	libmysqlclient15-32bit-5.0.67-13.20.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:42475	P	zoo-2.10-911.22 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:17369	P	libtag1-32bit-1.9.1-1.265 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35618	P	nagios-plugins-1.4.13-1.35 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35662	P	PackageKit-0.3.14-2.23.126 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35515	P	MozillaFirefox-3.5.9-0.1.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:13055	P	libpython3_4m1_0-3.4.6-25.29.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35552	P	g3utils-1.1.36-26.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:42755	P	libopenssl1-devel-1.0.1g-0.12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:13077	P	libtag1-1.9.1-1.218 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:26914	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54111	P	python-pyOpenSSL on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39088	P	icu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53537	P	Security update for shim (Moderate)	2020-12-01
oval:org.opensuse.security:def:57412	P	Security update for lzo	2020-12-01
oval:org.opensuse.security:def:29036	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:28738	P	Security update for libQt	2020-12-01
oval:org.opensuse.security:def:35194	P	Security update for libapr-util1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:42931	P	Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:17726	P	Security update for openssl (Important)	2020-12-01
oval:org.opensuse.security:def:56411	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26925	P	kde4-kgreeter-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17603	P	Security update for libqt4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:39137	P	pulseaudio-module-bluetooth on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53538	P	Security update for wicked (Important)	2020-12-01
oval:org.opensuse.security:def:34082	P	Security update for LVM2	2020-12-01
oval:org.opensuse.security:def:38721	P	libraptor2-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:58249	P	Security update for dovecot22 (Important)	2020-12-01
oval:org.opensuse.security:def:20999	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:34220	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:38385	P	libu2f-host0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30880	P	Security update for file	2020-12-01
oval:org.opensuse.security:def:20784	P	Security update for openslp (Important)	2020-12-01
oval:org.opensuse.security:def:33427	P	Security update for Samba	2020-12-01
oval:org.opensuse.security:def:27645	P	Security update for libvirt	2020-12-01
oval:org.opensuse.security:def:31425	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:34816	P	Security update for apport (Moderate)	2020-12-01
oval:org.opensuse.security:def:27339	P	xterm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30636	P	Security update for xinetd	2020-12-01
oval:org.opensuse.security:def:54942	P	libusbmuxd4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34836	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:39929	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:54217	P	gzip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38386	P	libudisks2-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29093	P	Security update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:31404	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:33476	P	Security update for libgdiplus0	2020-12-01
oval:org.opensuse.security:def:43810	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:28739	P	Security update for PostgreSQL 9.1	2020-12-01
oval:org.opensuse.security:def:42995	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (Important)	2020-12-01
oval:org.opensuse.security:def:18364	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32748	P	mipv6d on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26989	P	man on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17635	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:39176	P	kernel-default-extra on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29976	P	Security update for libsndfile	2020-12-01
oval:org.opensuse.security:def:53560	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:34218	P	Security update for php5 (Important)	2020-12-01
oval:org.opensuse.security:def:58535	P	Security update for systemd (Important)	2020-12-01
oval:org.opensuse.security:def:21023	P	Security update for LibVNCServer (Critical)	2020-12-01
oval:org.opensuse.security:def:34260	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28750	P	Security update for libmpfr	2020-12-01
oval:org.opensuse.security:def:31012	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:20896	P	Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:43047	P	Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:27689	P	Security update for xorg-x11-libXp	2020-12-01
oval:org.opensuse.security:def:31463	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32749	P	mono-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34900	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:27490	P	libtasn1-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30685	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:54980	P	perl-Config-IniFiles on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35474	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:17426	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:54383	P	strongswan on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38397	P	libvte9 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:57795	P	libgc1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29177	P	Security update for microcode_ctl (Important)	2020-12-01
oval:org.opensuse.security:def:31460	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:33515	P	Security update for PostgreSQL	2020-12-01
oval:org.opensuse.security:def:43855	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:33126	P	kdirstat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35444	P	Security update for pam-modules (Moderate)	2020-12-01
oval:org.opensuse.security:def:30724	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:18390	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27117	P	enscript on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30340	P	Security update for unrar (Moderate)	2020-12-01
oval:org.opensuse.security:def:34728	P	Security update for ImageMagick (Low)	2020-12-01
oval:org.opensuse.security:def:39204	P	libplist++3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29977	P	Security update for libsndfile (Moderate)	2020-12-01
oval:org.opensuse.security:def:53700	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:34316	P	Security update for ruby	2020-12-01
oval:org.opensuse.security:def:38869	P	libreoffice on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:21661	P	Security update for crash (Moderate)	2020-12-01
oval:org.opensuse.security:def:28819	P	Security update for python	2020-12-01
oval:org.opensuse.security:def:31104	P	Security update for the SUSE Linux Enterprise 11 SP3 Kernel for Teradata (Important)	2020-12-01
oval:org.opensuse.security:def:20929	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:28327	P	Security update for perl-DBD-mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:30794	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:32760	P	opie on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35036	P	Security update for icu (Important)	2020-12-01
oval:org.opensuse.security:def:27543	P	python-crypto on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17692	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:55061	P	audiofile on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29988	P	Security update for libssh2_org (Moderate)	2020-12-01
oval:org.opensuse.security:def:17457	P	Security update for libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:54668	P	radvd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29533	P	Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:38481	P	shadow on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29330	P	Security update for compat-openssl097g (Moderate)	2020-12-01
oval:org.opensuse.security:def:31509	P	Security update for python27 (Moderate)	2020-12-01
oval:org.opensuse.security:def:33538	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:20712	P	Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:33213	P	nfs-client on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35503	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:30743	P	Security update for ansible (Moderate)	2020-12-01
oval:org.opensuse.security:def:27198	P	libmysql55client18-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30426	P	Security update for xorg-x11-libs (Moderate)	2020-12-01
oval:org.opensuse.security:def:34767	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:39249	P	Security update for salt (Critical)	2020-12-01
oval:org.opensuse.security:def:58960	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26913	P	guestfs-data on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53938	P	cpio on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34373	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:39029	P	libgadu3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31548	P	Security update for sblim-sfcb (Moderate)	2020-12-01
oval:org.opensuse.security:def:21687	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:57390	P	Security update for krb5 (Important)	2020-12-01
oval:org.opensuse.security:def:43121	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:28362	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30795	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:35137	P	Security update for the Linux Kernel (Moderate)	2020-12-01
oval:org.opensuse.security:def:27592	P	yast2-devel-doc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17704	P	Security update for bsh2 (Important)	2020-12-01
oval:org.opensuse.security:def:56337	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:34804	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:17493	P	Security update for kernel-firmware (Important)	2020-12-01
oval:org.opensuse.security:def:38618	P	gzip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33582	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:30806	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:20746	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:33370	P	Security update for wget (Moderate)	2020-12-01
oval:org.opensuse.security:def:27631	P	Security update for Samba	2020-12-01
oval:org.opensuse.security:def:30787	P	Security update for bind (Critical)	2020-12-01
oval:org.opensuse.security:def:34805	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27255	P	opie on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30581	P	Security update for ntp (Important)	2020-12-01
oval:org.opensuse.security:def:54868	P	libgraphite2-3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34792	P	Security update for adns (Important)	2020-12-01
oval:org.opensuse.security:def:39887	P	Security update for systemd (Moderate)	2020-12-01
oval:org.opensuse.security:def:79045	P	Security update for postgresql94 (Moderate)	2018-01-12
oval:org.opensuse.security:def:81670	P	Security update for postgresql94 (Moderate)	2018-01-12
oval:com.redhat.rhsa:def:20173402	P	RHSA-2017:3402: postgresql security update (Moderate)	2017-12-08
oval:com.ubuntu.artful:def:201712172000	V	CVE-2017-12172 on Ubuntu 17.10 (artful) - negligible.	2017-11-22
oval:com.ubuntu.xenial:def:2017121720000000	V	CVE-2017-12172 on Ubuntu 16.04 LTS (xenial) - negligible.	2017-11-22
oval:com.ubuntu.trusty:def:201712172000	V	CVE-2017-12172 on Ubuntu 14.04 LTS (trusty) - negligible.	2017-11-22
oval:com.ubuntu.xenial:def:201712172000	V	CVE-2017-12172 on Ubuntu 16.04 LTS (xenial) - negligible.	2017-11-22