https://www.postgresql.org/about/news/1851/ Security update for postgresql96 (moderate) - vulnerability database | Vulners.comhttps://www.postgresql.org/about/news/1851/ https://www.postgresql.org/about/news/1851/ https://www.postgresql.org/about/news/1851/
Lucene search

K
suseSuseOPENSUSE-SU-2018:1709-1
HistoryJun 16, 2018 - 12:07 a.m.

Security update for postgresql96 (moderate)

2018-06-1600:07:53
lists.opensuse.org
55

0.007 Low

EPSS

Percentile

80.7%

PostgreSQL was updated to 9.6.9 fixing bugs and security issues:

Release notes:

Security issue fixed:

  • CVE-2018-1115: Remove public execute privilege from contrib/adminpack’s
    pg_logfile_rotate() function pg_logfile_rotate() is a deprecated wrapper
    for the core function pg_rotate_logfile(). When that function was
    changed to rely on SQL privileges for access control rather than a
    hard-coded superuser check, pg_logfile_rotate() should have been updated
    as well, but the need for this was missed. Hence, if adminpack is
    installed, any user could request a logfile rotation, creating a minor
    security issue. After installing this update, administrators should
    update adminpack by performing ALTER EXTENSION adminpack UPDATE in each
    database in which adminpack is installed. (bsc#1091610)

This update was imported from the SUSE:SLE-12:Update update project.