SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1810

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1810

Security update for postgresql10

Type: security

Severity: moderate

Issued: 2019-07-10

Description:

This update for postgresql10 fixes the following issues:

Security issue fixed:
- CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034).
- CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689).

Bug fixes:

- For a complete list of fixes check the release notes.
 
   * https://www.postgresql.org/docs/10/release-10-9.html
   * https://www.postgresql.org/docs/10/release-10-8.html
   * https://www.postgresql.org/docs/10/release-10-7.html

References

CVE: CVE-2019-10164
CVE: CVE-2019-10130
Bugzilla: 1138034 VUL-0: EMBARGOED: postgresql10: Out-of-cycle Release: 2019-06-20
Bugzilla: 1134689 VUL-1: CVE-2019-10130: postgresql96,postgresql10,postgresql11: potential bypass of security policy allows a user to read restricted data

Packages

postgresql10-10.9-4.13.2