{"affected":[{"ecosystem_specific":{"binaries":[{"postgresql-init":"9.4-0.5.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"postgresql-init","purl":"pkg:rpm/suse/postgresql-init&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.4-0.5.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"postgresql-init":"9.4-0.5.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"postgresql-init","purl":"pkg:rpm/suse/postgresql-init&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.4-0.5.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for postgresql-init fixes the following issues:\n\n- CVE-2017-14798: A race condition in the init script could be used by attackers able to access the postgresql account to escalate their privileges to root (bsc#1062722)\n","id":"SUSE-SU-2017:3107-1","modified":"2017-11-27T15:42:38Z","published":"2017-11-27T15:42:38Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20173107-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1062722"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14798"}],"related":["CVE-2017-14798"],"summary":"Security update for postgresql-init","upstream":["CVE-2017-14798"]}