 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.4.2018.3909.1 |
| Category: | SuSE Local Security Checks |
| Title: | SUSE: Security Advisory (SUSE-SU-2018:3909-1) |
| Summary: | The remote host is missing an update for the 'postgresql94' package(s) announced via the SUSE-SU-2018:3909-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'postgresql94' package(s) announced via the SUSE-SU-2018:3909-1 advisory. Vulnerability Insight: This update for postgresql94 to 9.4.19 fixes the following security issue: - CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could have bypassed client-side connection security features, obtain access to higher privileged connections or potentially cause other impact SQL injection, by causing the PQescape() functions to malfunction (bsc#1104199). A dump/restore is not required for this update unless you use the functions query_to_xml, cursor_to_xml, cursor_to_xmlschema, query_to_xmlschema, and query_to_xml_and_xmlschema. In this case please see the first entry of [link moved to references] Affected Software/OS: 'postgresql94' package(s) on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 12-SP1, SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server for SAP Applications 12-SP1, SUSE Linux Enterprise Server for SAP Applications 12-SP2. Solution: Please install the updated package(s). CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-10915 BugTraq ID: 105054 http://www.securityfocus.com/bid/105054 Debian Security Information: DSA-4269 (Google Search) https://www.debian.org/security/2018/dsa-4269 https://security.gentoo.org/glsa/201810-08 https://lists.debian.org/debian-lts-announce/2018/08/msg00012.html RedHat Security Advisories: RHSA-2018:2511 https://access.redhat.com/errata/RHSA-2018:2511 RedHat Security Advisories: RHSA-2018:2557 https://access.redhat.com/errata/RHSA-2018:2557 RedHat Security Advisories: RHSA-2018:2565 https://access.redhat.com/errata/RHSA-2018:2565 RedHat Security Advisories: RHSA-2018:2566 https://access.redhat.com/errata/RHSA-2018:2566 RedHat Security Advisories: RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2018:2643 RedHat Security Advisories: RHSA-2018:2721 https://access.redhat.com/errata/RHSA-2018:2721 RedHat Security Advisories: RHSA-2018:2729 https://access.redhat.com/errata/RHSA-2018:2729 RedHat Security Advisories: RHSA-2018:3816 https://access.redhat.com/errata/RHSA-2018:3816 http://www.securitytracker.com/id/1041446 SuSE Security Announcement: openSUSE-SU-2020:1227 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html https://usn.ubuntu.com/3744-1/ |
| Copyright | Copyright (C) 2021 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |