Security update for postgresql96 (moderate) - vulnerability database | Vulners.com
Lucene search

HistoryJun 16, 2018 - 12:07 a.m.

Security update for postgresql96 (moderate)


0.007 Low




PostgreSQL was updated to 9.6.9 fixing bugs and security issues:

Release notes:

Security issue fixed:

  • CVE-2018-1115: Remove public execute privilege from contrib/adminpack’s
    pg_logfile_rotate() function pg_logfile_rotate() is a deprecated wrapper
    for the core function pg_rotate_logfile(). When that function was
    changed to rely on SQL privileges for access control rather than a
    hard-coded superuser check, pg_logfile_rotate() should have been updated
    as well, but the need for this was missed. Hence, if adminpack is
    installed, any user could request a logfile rotation, creating a minor
    security issue. After installing this update, administrators should
    update adminpack by performing ALTER EXTENSION adminpack UPDATE in each
    database in which adminpack is installed. (bsc#1091610)

This update was imported from the SUSE:SLE-12:Update update project.