File _patchinfo of Package patchinfo.7512

<patchinfo incident="7512">
  <issue tracker="bnc" id="1091610">VUL-0: CVE-2018-1115: postgresql: Too-permissive access control list on function pg_logfile_rotate()</issue>
  <issue tracker="cve" id="2018-1115"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>rmax</packager>
  <description>
  
PostgreSQL was updated to 9.6.9 fixing bugs and security issues:

Release notes:

- https://www.postgresql.org/about/news/1851/
- https://www.postgresql.org/docs/current/static/release-9-6-9.html

  A dump/restore is not required for those running 9.6.X.
  However, if you use the adminpack extension, you should update
  it as per the first changelog entry below.
  Also, if the function marking mistakes mentioned in the second
  and third changelog entries below affect you, you will want to
  take steps to correct your database catalogs.

Security issue fixed:

- CVE-2018-1115: Remove public execute privilege
  from contrib/adminpack's pg_logfile_rotate() function.
  pg_logfile_rotate() is a deprecated wrapper for the core
  function pg_rotate_logfile(). When that function was changed
  to rely on SQL privileges for access control rather than a
  hard-coded superuser check, pg_logfile_rotate() should have
  been updated as well, but the need for this was missed. Hence,
  if adminpack is installed, any user could request a logfile
  rotation, creating a minor security issue.
  After installing this update, administrators should update
  adminpack by performing ALTER EXTENSION adminpack UPDATE in
  each database in which adminpack is installed. (bsc#1091610)

</description>
  <summary>Security update for postgresql96</summary>
</patchinfo>