SUSE-SU-2018:3909-1 -- SLES postgresql94
ID: oval:org.secpod.oval:def:89002576 | Date: (C)2021-02-25 (M)2022-10-10 |
Class: PATCH | Family: unix |
This update for postgresql94 to 9.4.19 fixes the following security issue:
- CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could have bypassed client-side connection security features, obtained access to higher-privileged connections, or potentially caused other impact through SQL injection, by causing the PQescape functions to malfunction.
A dump/restore is not required for this update unless you use the functions query_to_xml, cursor_to_xml, cursor_to_xmlschema, query_to_xmlschema, and query_to_xml_and_xmlschema. In this case, please see the first entry of https://www.postgresql.org/docs/9.4/static/release-9-4-18.html
Platform: |
SUSE Linux Enterprise Server 12 SP2 |