Download
| Alert*
oval:org.secpod.oval:def:89003003
This update for postgresql10 fixes the following issues: Upgrade to version 10.15: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a oval:org.secpod.oval:def:505246 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted ... oval:org.secpod.oval:def:506036 PostgreSQL is an advanced object-relational database management system . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted operationsandbox * postgresql: TYPE in pg_temp executes arbitrary SQL during SECUR ... oval:org.secpod.oval:def:505225 The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. The following packages have been upgraded to a later upstream version: libpq . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: ... oval:org.secpod.oval:def:89002860 This update for postgresql10 fixes the following issues: - Upgrade to version 10.15: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a oval:org.secpod.oval:def:1601449 A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. A flaw was found in postgresql. If a client application that cr ... oval:org.secpod.oval:def:89043926 This update for postgresql, postgresql12, postgresql13 fixes the following issues: Initial packaging of PostgreSQL 13: * https://www.postgresql.org/about/news/2077/ * https://www.postgresql.org/docs/13/release-13.html Changes in postgresql: - Bump postgresql major version to 13. Changes in postgresq ... oval:org.secpod.oval:def:70262 postgresql-12: Object-relational SQL database - postgresql-10: Object-relational SQL database - postgresql-9.5: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:505218 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: rh-postgresql10-postgresql . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape sec ... oval:org.secpod.oval:def:67382 The host is installed with PostgreSQL 9.x before 9.5.24, 9.6.x before 9.6.20, 10.x before 10.15 or 11.x before 11.10, 12.x before 12.5 or 13.x before 13.1 and is prone to an algorithm downgrade vulnerability. A flaw is present in the application which fails to handle a issue in client application wh ... oval:org.secpod.oval:def:505219 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: rh-postgresql12-postgresql . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape sec ... oval:org.secpod.oval:def:89003005 This update for postgresql12 fixes the following issues: Upgrade to version 12.5: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a oval:org.secpod.oval:def:505248 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted ... oval:org.secpod.oval:def:505253 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted ... oval:org.secpod.oval:def:89050269 This update for postgresql12 fixes the following issues: - Upgrade to version 12.5: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a oval:org.secpod.oval:def:89050215 This update for postgresql12 fixes the following issues: - Upgrade to version 12.5: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a oval:org.secpod.oval:def:89050482 This update for postgresql10 fixes the following issues: - Upgrade to version 10.15: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a oval:org.secpod.oval:def:1601405 A flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist ... oval:org.secpod.oval:def:119481 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that youll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the Po ... oval:org.secpod.oval:def:1801822 Fixed In Version: PostgreSQL 13.1, 12.5, 11.10, 10.15, 9.6.20, and 9.5.24 Fixed In Version: PostgreSQL 13.1, 12.5, 11.10, 10.15, 9.6.20, and 9.5.24 oval:org.secpod.oval:def:69633 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted ... oval:org.secpod.oval:def:69632 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted ... oval:org.secpod.oval:def:1504988 [10.15-1] - Rebase to upstream release 10.15 Resolves: CVE-2020-25695 Resolves: CVE-2020-25694 Resolves: CVE-2020-25696 [10.14-1] - Rebase to upstream release 10.14 https://www.postgresql.org/docs/10/release-10-14.html [10.12-2] - Filter provides RHBZ#1719549 [10.12-1] - Rebase to upstream version 1 ... oval:org.secpod.oval:def:1503160 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503163 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2500083 PostgreSQL is an advanced object-relational database management system . oval:org.secpod.oval:def:2500148 PostgreSQL is an advanced object-relational database management system . oval:org.secpod.oval:def:1504863 [9.2.24-6] - Patch fixing BZ#1741488 CVE-2019-10208 [9.2.24-5] - Patch fixing CVE-2020-25694 BZ#1907894 - Patch fixing CVE-2020-25695 BZ#1907895 oval:org.secpod.oval:def:1700638 A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. A flaw was found in postgresql. If a client application that cr ... oval:org.secpod.oval:def:205874 PostgreSQL is an advanced object-relational database management system . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted operation sandbox * postgresql: TYPE in pg_temp executes arbitrary SQL during SECU ... oval:org.secpod.oval:def:205918 PostgreSQL is an advanced object-relational database management system . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted operation sandbox * postgresql: TYPE in pg_temp executes arbitrary SQL during SE ... oval:org.secpod.oval:def:2500209 The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. oval:org.secpod.oval:def:89000153 This update for postgresql96 fixes the following issues: Upgrade to version 9.6.20: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a oval:org.secpod.oval:def:89049545 This update for postgresql, postgresql13 fixes the following issues: This update ships postgresql13. Upgrade to version 13.1: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bs ... oval:org.secpod.oval:def:1503137 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2500213 PostgreSQL is an advanced object-relational database management system . oval:org.secpod.oval:def:705757 postgresql-12: Object-relational SQL database - postgresql-10: Object-relational SQL database - postgresql-9.5: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:69631 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted ... oval:org.secpod.oval:def:1503164 The advisory is missing the security advisory description. For more information please visit the reference link |