SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2228

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2228

Security update for postgresql10

Type: security

Severity: important

Issued: 2019-08-28

Description:

This update for postgresql10 fixes the following issues:

Security issue fixed:

- CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092).

References

CVE: CVE-2019-10208
Bugzilla: 1145092 VUL-0: CVE-2019-10208: postgresql94,postgresql96,postgresql,postgresql10: postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

Packages

postgresql10-10.10-4.16.1