Download
| Alert*
oval:org.secpod.oval:def:89003261
This update for postgresql10 to version 10.9 fixes the following issue: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing . More information at https://www.postgresql.org/docs/10/release-10-9.html oval:org.secpod.oval:def:89003182 This update for postgresql10 to version 10.9 fixes the following issue: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing . More information at https://www.postgresql.org/docs/10/release-10-9.html oval:org.secpod.oval:def:505092 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: rh-postgresql10-postgresql . Security Fix: * PostgreSQL: stack-based buffer overflow via setting a password * PostgreSQL: ALTER ... DEPENDS ON EXTENSION is ... oval:org.secpod.oval:def:66574 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Stack-based buffer overflow via setting a password * postgresql: TYPE in pg_temp executes arbitrary SQL during SEC ... oval:org.secpod.oval:def:57647 PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL ... oval:org.secpod.oval:def:116879 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ... oval:org.secpod.oval:def:116877 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ... oval:org.secpod.oval:def:116886 The libpq package provides the essential shared library for any PostgreSQL client program or interface. You will need to install this package to use any other PostgreSQL package or any clients that need to connect to a PostgreSQL server. oval:org.secpod.oval:def:1801495 PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user"s own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL ... oval:org.secpod.oval:def:1801504 Postgresql 10.8 in Alpine 3.8 need security fix Patch with upgrade to postgresql version 10.9 will be posted to patchwork.alpinelinux.org Related issues Related to Alpine Linux - Bug #10641: [3.7] postgresql: Stack-based buffer overflow via setting a password Closed07/02/2019 Related to Is duplicate ... oval:org.secpod.oval:def:504281 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Stack-based buffer overflow via setting a password * postgresql: TYPE in pg_temp executes arbitrary SQL during SEC ... oval:org.secpod.oval:def:1503032 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504988 [10.15-1] - Rebase to upstream release 10.15 Resolves: CVE-2020-25695 Resolves: CVE-2020-25694 Resolves: CVE-2020-25696 [10.14-1] - Rebase to upstream release 10.14 https://www.postgresql.org/docs/10/release-10-14.html [10.12-2] - Filter provides RHBZ#1719549 [10.12-1] - Rebase to upstream version 1 ... oval:org.secpod.oval:def:705026 postgresql-11: Object-relational SQL database - postgresql-10: Object-relational SQL database PostgreSQL could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:55659 postgresql-11: Object-relational SQL database - postgresql-10: Object-relational SQL database PostgreSQL could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:55915 The host is installed with PostgreSQL 10.x before 10.9 and 11.x before 11.4 and is prone to an stack-based buffer overflow vulnerability. A flaw is present in the application which fails to handle crafted passwords. Successful exploitation allows attackers to execute arbitrary code as the PostgreSQL ... |