{"affected":[{"ecosystem_specific":{"binaries":[{"postgresql94":"9.4.12-20.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP2","name":"postgresql94","purl":"pkg:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.4.12-20.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"postgresql94":"9.4.12-20.1","postgresql94-contrib":"9.4.12-20.1","postgresql94-docs":"9.4.12-20.1","postgresql94-server":"9.4.12-20.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2","name":"postgresql94","purl":"pkg:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.4.12-20.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"postgresql94-devel":"9.4.12-20.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP2","name":"postgresql94-libs","purl":"pkg:rpm/suse/postgresql94-libs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.4.12-20.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"postgresql94":"9.4.12-20.1","postgresql94-contrib":"9.4.12-20.1","postgresql94-docs":"9.4.12-20.1","postgresql94-server":"9.4.12-20.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2","name":"postgresql94","purl":"pkg:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.4.12-20.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"postgresql94":"9.4.12-20.1","postgresql94-contrib":"9.4.12-20.1","postgresql94-docs":"9.4.12-20.1","postgresql94-server":"9.4.12-20.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"postgresql94","purl":"pkg:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.4.12-20.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for postgresql94 to 9.4.12 fixes the following issues:\n\nUpstream changelogs:\n\n- https://www.postgresql.org/docs/9.4/static/release-9-4-12.html\n- https://www.postgresql.org/docs/9.4/static/release-9-4-11.html\n- https://www.postgresql.org/docs/9.4/static/release-9-4-10.html\n\nSecurity issues fixed:\n\n* CVE-2017-7486: Restrict visibility of\n  pg_user_mappings.umoptions, to protect passwords stored as\n  user mapping options. (bsc#1037624)\n\n  Please note that manual action is needed to fix this in existing databases\n  See the upstream release notes for details.\n* CVE-2017-7485: recognize PGREQUIRESSL variable\n  again. (bsc#1038293)\n* CVE-2017-7484: Prevent exposure of statistical\n  information via leaky operators. (bsc#1037603)\n\nChanges in version 9.4.12:\n\n* Build corruption with CREATE INDEX CONCURRENTLY\n* Fixes for visibility and write-ahead-log stability\n\nChanges in version 9.4.10:\n\n* Fix WAL-logging of truncation of relation free space maps and\n  visibility maps\n* Fix incorrect creation of GIN index WAL records on big-endian\n  machines\n* Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that have\n  been updated by a subsequently-aborted transaction\n* Fix EvalPlanQual rechecks involving CTE scans\n* Fix improper repetition of previous results from hashed\n  aggregation in a subquery\n\nThe libraries libpq and libecpg are now supplied by postgresql 9.6.\n","id":"SUSE-SU-2017:1690-1","modified":"2017-06-26T11:21:37Z","published":"2017-06-26T11:21:37Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20171690-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1037603"},{"type":"REPORT","url":"https://bugzilla.suse.com/1037624"},{"type":"REPORT","url":"https://bugzilla.suse.com/1038293"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7484"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7485"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7486"}],"related":["CVE-2017-7484","CVE-2017-7485","CVE-2017-7486"],"summary":"Security update for postgresql94","upstream":["CVE-2017-7484","CVE-2017-7485","CVE-2017-7486"]}