This update for postgresql94 fixes the following issues:
Security issue fixed:
CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092).
Affected Packages
postgresql94
SUSE Enterprise Storage 4SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP1
Fixed in:
9.4.24-21.25.1
postgresql94-contrib
SUSE Enterprise Storage 4SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP1
Fixed in:
9.4.24-21.25.1
postgresql94-docs
SUSE Enterprise Storage 4SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP1
Fixed in:
9.4.24-21.25.1
postgresql94-plperl
SUSE Enterprise Storage 4SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP1
Fixed in:
9.4.24-21.25.1
postgresql94-plpython
SUSE Enterprise Storage 4SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP1
Fixed in:
9.4.24-21.25.1
postgresql94-pltcl
SUSE Enterprise Storage 4SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP1
Fixed in:
9.4.24-21.25.1
postgresql94-server
SUSE Enterprise Storage 4SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP1