
oval:org.secpod.oval:def:1800031
postgresql is installed

oval:org.secpod.oval:def:1800030
CVE-2017-7484: selectivity estimators bypass SELECT privilege checks; Fixed In Version: postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3

oval:org.secpod.oval:def:1800769
CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ...

oval:org.secpod.oval:def:1800286
CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In: postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ...

oval:org.secpod.oval:def:1800777
CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In: postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ...

oval:org.secpod.oval:def:33769
The host is installed with PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11 or 8.4 before 8.4.4 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle a crafted script, related ...

oval:org.secpod.oval:def:33768
The host is installed with PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11 or 8.4 before 8.4.4 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle pltcl_modules table. Succ ...

oval:org.secpod.oval:def:33766
The host is installed with PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11 or 8.4 before 8.4.4 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle (1) ALTER USER or (2) ALT ...

oval:org.secpod.oval:def:33761
The host is installed with PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9 or 8.4.x before 8.4.2 and is prone to a spoofing vulnerability. A flaw is present in the application, which fails to properly handle a '\0' character in a doma ...

oval:org.secpod.oval:def:33760
The host is installed with PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9 or 8.4.x before 8.4.2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle a table with c ...

oval:org.secpod.oval:def:33747
The host is installed with PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7 or 9.4.x before 9.4.2 and is prone to a double free vulnerability. A flaw is present in the application, which fails to properly handle session shutdown sequence. Successful exploitation ...

oval:org.secpod.oval:def:33759
The host is installed with PostgreSQL 8.3.6, 8.2.12, 8.1.16, 8.0.20 or 7.4.24 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle localized error message to a client-specified encoding, as demonstrated using mismatched encoding conv ...

oval:org.secpod.oval:def:33767
The host is installed with PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11 or 8.4 before 8.4.4 and is prone to an intended restriction bypass vulnerability. A flaw is present in the application, which fails to properly handle vectors involving ...

oval:org.secpod.oval:def:201713
PostgreSQL is an advanced object-relational database management system. PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which can be used when creating a new PostgreSQL function, specifies that the function will ...

oval:org.secpod.oval:def:201875
PostgreSQL is an advanced object-relational database management system. PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which can be used when creating a new PostgreSQL function, specifies that the function will ...

oval:org.secpod.oval:def:1801861
A security issue was found in PostgreSQL 13 before version 13.2. A user having a SELECT privilege on an individual column can craft a special query that returns all columns of the table. Additionally, a stored view that uses column-level privileges will have incomplete column-usage bitmaps. In inst ...

oval:org.secpod.oval:def:33754
The host is installed with PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle vectors related to the (1) hstore_recv, (2) hstore_from_ ...

oval:org.secpod.oval:def:33753
The host is installed with PostgreSQL 9.3.3 or earlier versions and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests. Successful exp ...

oval:org.secpod.oval:def:106423
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the P ...

oval:org.secpod.oval:def:109136
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the P ...

oval:org.secpod.oval:def:109201
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the P ...

oval:org.secpod.oval:def:109232
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the P ...

oval:org.secpod.oval:def:33741
The host is installed with PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, or 9.5.x before 9.5.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a large Unicode character range in a regular express ...

oval:org.secpod.oval:def:1800264
CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference. Fixed In Version: postgresql 9.5.4, postgresql 9.4.9, postgresql 9.3.14, postgresql 9.2.18, postgresql 9.1.23 CVE-2016-5424: database and role names with embedded special characters can allow code injection during admi ...

oval:org.mitre.oval:def:6645
The host is installed with PostgreSQL 7.4.x before 7.4.30, 8.0.x before 8.0.26, 9.0.x before 9.0.1, 8.1.x before 8.1.22, 8.2.x before 8.2.18, 8.3.x before 8.3.12, or 8.4.x before 8.4.5 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to properly p ...

oval:org.mitre.oval:def:7291
The host is installed with PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, or 9.0 before 9.0.1 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to properly protect script ...

oval:org.secpod.oval:def:204153
PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a newer upstream version: postgresql. Security Fix: * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authentic ...

oval:org.secpod.oval:def:203860
PostgreSQL is an advanced object-relational database management system. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to cra ...

oval:org.secpod.oval:def:1802026
Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact argument type match. For example, length('foo'::varchar) and len ...

oval:org.secpod.oval:def:110210
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the P ...

oval:org.secpod.oval:def:203853
PostgreSQL is an advanced object-relational database management system. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to cra ...

oval:org.secpod.oval:def:204871
PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: postgresql. Security Fix: * postgresql: Certain host connection parameters defeat client-side security defenses For more details about the security issue ...

oval:org.mitre.oval:def:6785
PostgreSQL (32-bit) is installed

oval:org.secpod.oval:def:203658
PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ...

oval:org.secpod.oval:def:38564
The host is installed with PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, or 9.5.x before 9.5.4 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle a (1) " (double quote), (2) \ (backslash), (3) ca ...

oval:org.secpod.oval:def:38565
The host is installed with PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, or 9.5.x before 9.5.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a CASE expression or inlining of an SQL function. Su ...

oval:org.secpod.oval:def:1500962
PostgreSQL is an advanced object-relational database management system. An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by ...

oval:org.secpod.oval:def:1500964
PostgreSQL is an advanced object-relational database management system. An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by ...

oval:org.secpod.oval:def:111243
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:203585
PostgreSQL is an advanced object-relational database management system. An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by ...

oval:org.secpod.oval:def:204556
PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: postgresql. Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal ...

oval:org.secpod.oval:def:204660
PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: postgresql. Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_sta ...

oval:org.secpod.oval:def:203042
postgresql is installed

oval:org.secpod.oval:def:110230
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the P ...

oval:org.secpod.oval:def:111237
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:1801863
A security issue was found in PostgreSQL 11 to 13 before version 13.2. A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message. This is similar to CVE-2014-8161, but the conditions to e ...

oval:org.secpod.oval:def:1506353
[10.23-1] - Fix CVE-2022-2625 - Resolves: #2143167 - Rebase to 10.23

oval:org.secpod.oval:def:33740
The host is installed with PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, or 9.5.x before 9.5.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly restrict access to unspecified custom configura ...

oval:org.secpod.oval:def:1801751
Fixed In Version: postgresql 12.4, postgresql 11.9, postgresql 10.14

oval:org.secpod.oval:def:66574
PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: postgresql. Security Fix: * postgresql: Stack-based buffer overflow via setting a password * postgresql: TYPE in pg_temp executes arbitrary SQL during SEC ...

oval:org.secpod.oval:def:1501972
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502111
PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: postgresql. Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_sta ...

oval:org.secpod.oval:def:1800481
CVE-2017-7484: selectivity estimators bypass SELECT privilege checks Fixed In Version postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3

oval:org.secpod.oval:def:506972
PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: postgresql. Security Fix: * postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox For more details about the security iss ...

oval:org.secpod.oval:def:507225
PostgreSQL is an advanced object-relational database management system. Security Fix: * postgresql: Extension scripts replace objects not belonging to the extension. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer ...

oval:org.secpod.oval:def:506963
PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: postgresql. Security Fix: * postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox For more details about the security iss ...

oval:org.secpod.oval:def:89045778
This update for postgresql, postgresql13 and postgresql14 fixes the following issues: Security issues fixed: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake. - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshak ...

oval:org.secpod.oval:def:204722
PostgreSQL is an advanced object-relational database management system. Security Fix: * Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: T ...

oval:org.secpod.oval:def:1502087
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502208
PostgreSQL is an advanced object-relational database management system. Security Fix: * Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: T ...

oval:org.secpod.oval:def:33755
The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to NULL pointer dereference vulnerability. A flaw is present in the application, which fails to properly check the return value of the crypt library fu ...

oval:org.secpod.oval:def:203771
PostgreSQL is an advanced object-relational database management system. A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. A stack overflow flaw was discovered ...

oval:org.secpod.oval:def:500407
PostgreSQL is an advanced object-relational database management system. PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricte ...

oval:org.secpod.oval:def:201949
PostgreSQL is an advanced object-relational database management system. PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricte ...

oval:org.secpod.oval:def:201891
PostgreSQL is an advanced object-relational database management system. PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricte ...

oval:org.secpod.oval:def:112377
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:112456
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the P ...

oval:org.secpod.oval:def:113450
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:113463
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:113587
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:114136
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:114137
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:1800296
CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version: postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postg ...

oval:org.secpod.oval:def:1800735
CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postgr ...

oval:org.secpod.oval:def:1800044
CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version: postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, ...

oval:org.secpod.oval:def:1800213
CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version: postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postg ...

oval:org.secpod.oval:def:115447
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:203852
PostgreSQL is an advanced object-relational database management system. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to cra ...

oval:org.secpod.oval:def:1501055
PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ...

oval:org.secpod.oval:def:1501054
PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ...

oval:org.secpod.oval:def:203770
PostgreSQL is an advanced object-relational database management system. A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. All PostgreSQL users are advised to ...

oval:org.secpod.oval:def:203657
PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ...

oval:org.secpod.oval:def:203580
PostgreSQL is an advanced object-relational database management system. An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by ...

oval:org.secpod.oval:def:501586
PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ...

oval:org.secpod.oval:def:204570
PostgreSQL is an advanced object-relational database management system. Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain ...

oval:org.secpod.oval:def:89050894
This update for postgresql fixes the following issues: - Changed permissions, so that the directory can only be used by users in the postgres group. - Moved bash profile out of /var/lib to allow transactional updates.

oval:org.secpod.oval:def:500460
PostgreSQL is an advanced object-relational database management system. PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which can be used when creating a new PostgreSQL function, specifies that the function will ...

oval:org.secpod.oval:def:500465
PostgreSQL is an advanced object-relational database management system. PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which can be used when creating a new PostgreSQL function, specifies that the function will ...

oval:org.secpod.oval:def:200587
PostgreSQL is an advanced object-relational database management system. A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-cra ...

oval:org.secpod.oval:def:33765
The host is installed with PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14 or 8.2.x before 8.2.20 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle integers with a large number of digits to unspecified functio ...

oval:org.secpod.oval:def:201520
PostgreSQL is an advanced object-relational database management system. A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-cra ...

oval:org.secpod.oval:def:4501267
PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: postgresql. Security Fix: * postgresql: memory disclosure in certain queries * postgresql: server processes unencrypted bytes from man-in-the-middle For ...

oval:org.secpod.oval:def:1505357
postgresql [13.5-1] - Update to 13.5 - Resolves: #2024608

oval:org.secpod.oval:def:1505358
postgresql [12.9-1] - Update to 12.9 - Resolves: #2024677

oval:org.secpod.oval:def:2500248
PostgreSQL is an advanced object-relational database management system.

oval:org.secpod.oval:def:2500345
PostgreSQL is an advanced object-relational database management system.

oval:org.secpod.oval:def:4501318
PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: postgresql. Security Fix: * postgresql: memory disclosure in certain queries * postgresql: server processes unencrypted bytes from man-in-the-middle For ...

oval:org.secpod.oval:def:59793
The host is installed with PostgreSQL 11.x before 11.3 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a purpose-crafted insert to a partitioned table. Successful exploitation allows attackers to read arbitrary bytes of server memory.

oval:org.secpod.oval:def:116879
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:116877
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:114969
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:1701766
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not ...

oval:org.secpod.oval:def:2500750
PostgreSQL is an advanced object-relational database management system.

oval:org.secpod.oval:def:2500695
PostgreSQL is an advanced object-relational database management system.

oval:org.secpod.oval:def:4500894
PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: postgresql. Security Fix: * postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox For more details about the security i ...

oval:org.secpod.oval:def:4500892
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox For more details about the security i ...

oval:org.secpod.oval:def:1505733
[10.21-2] - Resolves: CVE-2022-1552 - Release bump due to wrongly reported CVE of libpq Build after reverted changes in libpq package [10.21-1] - Resolves: CVE-2022-1552 - Update to 10.21 - Release notes: https://www.postgresql.org/docs/release/10.21/ [10.19-2] - Add missing files into file section ...

oval:org.secpod.oval:def:1505742
postgresql [12.11-2] - Resolves: CVE-2022-1552 - Release bump due to wrongly reported CVE of libpq Build after reverted changes in libpq package [12.11-1] - Resolves: CVE-2022-1552 - Update to 12.11 - Release notes: https://www.postgresql.org/docs/release/12.11/

oval:org.secpod.oval:def:1505747
postgresql [13.7-2] - Resolves: CVE-2022-1552 - Release bump due to wrongly reported CVE of libpq Build after reverted changes in libpq package [13.7-1] - Resolves: CVE-2022-1552 - Update to 13.7 - Release notes: https://www.postgresql.org/docs/release/13.7/

oval:org.secpod.oval:def:5800089
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox For more details about the security i ...

oval:org.secpod.oval:def:1701795
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not ...

oval:org.secpod.oval:def:1505648
[10.19-2] - Add missing files into file section of server package postgresql-setup v8.6 newly provides postgresql-upgrade

oval:org.secpod.oval:def:4500028
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE ...

oval:org.secpod.oval:def:4500025
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE ...

oval:org.secpod.oval:def:1701647
A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ...

oval:org.secpod.oval:def:4500041
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE ...

oval:org.secpod.oval:def:1701749
A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ...

oval:org.secpod.oval:def:1504956
[10.17-1] - Update to 10.17 Resolves: #1964520 Fix: CVE-2021-32027, CVE-2021-32028

oval:org.secpod.oval:def:4500076
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE ...

oval:org.secpod.oval:def:1701725
A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ...

oval:org.secpod.oval:def:2500432
PostgreSQL is an advanced object-relational database management system.

oval:org.secpod.oval:def:2500483
PostgreSQL is an advanced object-relational database management system.

oval:org.secpod.oval:def:2500247
PostgreSQL is an advanced object-relational database management system.

oval:org.secpod.oval:def:2500364
PostgreSQL is an advanced object-relational database management system.

oval:org.secpod.oval:def:73647
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Buffer overrun from integer overflow in array subscripting calculations * postgresql: Memory disclosure in INSERT ...

oval:org.secpod.oval:def:73646
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql Security Fix: * postgresql: Buffer overrun from integer overflow in array subscripting calculations * postgresql: Memory disclosure in INSERT . ...

oval:org.secpod.oval:def:73641
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql Security Fix: * postgresql: Buffer overrun from integer overflow in array subscripting calculations * postgresql: Memory disclosure in INSERT . ...

oval:org.secpod.oval:def:73642
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Buffer overrun from integer overflow in array subscripting calculations * postgresql: Memory disclosure in INSERT ...

oval:org.secpod.oval:def:1504965
[9.6.22-1] - Rebase to 9.6.22 Resolves: #1964516 Fix: CVE-2021-32027, CVE-2021-32028

oval:org.secpod.oval:def:1504975
pgaudit [1.5.0-1] - Update to version 1.5.0 Related: #1855776 postgresql [13.3-1] - Update to 13.3 Resolves: #1966338 Fix: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029

oval:org.secpod.oval:def:1504973
pgaudit [1.4.0-6] - Fix build requires [1.4.0-5] - Fix build requires postgresql [12.7-1] - Update to 12.7 Resolves: #1964510 Fix: CVE-2021-32027,CVE-2021-32028

oval:org.secpod.oval:def:1503032
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:2500083
PostgreSQL is an advanced object-relational database management system.

oval:org.secpod.oval:def:2500148
PostgreSQL is an advanced object-relational database management system.

oval:org.secpod.oval:def:114441
PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:114542
PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:114536
PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:34004
The host is installed with PostgreSQL 9.5.x before 9.5.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted byte value in a BRIN index page. Successful exploitation allows attackers to bypass intended access restrictions and ...

oval:org.secpod.oval:def:34003
The host is installed with PostgreSQL 9.5.x before 9.5.2 and is prone to an intended access restriction bypass vulnerability. A flaw is present in the application, which fails to properly maintain row-security status in cached plans. Successful exploitation allows attackers to bypass intended access ...

oval:org.secpod.oval:def:1503467
Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ...

oval:org.secpod.oval:def:500239
PostgreSQL is an advanced object-relational database management system . A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-cra ...

oval:org.secpod.oval:def:501774
PostgreSQL is an advanced object-relational database management system . An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to cra ...

oval:org.secpod.oval:def:501775
PostgreSQL is an advanced object-relational database management system . An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to cra ...

oval:org.secpod.oval:def:109765
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the P ...

oval:org.secpod.oval:def:501701
PostgreSQL is an advanced object-relational database management system . A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. A stack overflow flaw was discovered ...

oval:org.secpod.oval:def:501686
PostgreSQL is an advanced object-relational database management system . A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. All PostgreSQL users are advised to ...

oval:org.secpod.oval:def:1501220
The remote host is missing a patch containing a security fix, which affects the following package(s): postgresql

oval:org.secpod.oval:def:1501248
The remote host is missing a patch containing a security fix, which affects the following package(s): postgresql

oval:org.secpod.oval:def:33750
The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote ...

oval:org.secpod.oval:def:33752
The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation all ...

oval:org.secpod.oval:def:33751
The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to multiple stack based buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle vectors related to an incorrec ...

oval:org.secpod.oval:def:33749
The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle a function that is (1) defined in another language ...

oval:org.secpod.oval:def:33748
The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to an unspecified vulnerability. A flaw is present in the application, which does not properly enforce the ADMIN OPTION restriction. Successful exploit ...

oval:org.secpod.oval:def:501193
PostgreSQL is an advanced object-relational database management system . Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL ...

oval:org.secpod.oval:def:501199
PostgreSQL is an advanced object-relational database management system . Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL ...

oval:org.secpod.oval:def:33756
The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to multiple buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitati ...

oval:org.secpod.oval:def:203041
PostgreSQL is an advanced object-relational database management system . Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL ...

oval:org.secpod.oval:def:203046
PostgreSQL is an advanced object-relational database management system . Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL ...

oval:org.secpod.oval:def:1500389
Updated postgresql84 and postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which gi ...

oval:org.secpod.oval:def:1500395
Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are av ...

oval:org.secpod.oval:def:2500920
PostgreSQL is an advanced object-relational database management system.

oval:org.secpod.oval:def:89046910
This update for postgresql10 fixes the following issues: - Upgrade to 10.22: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension . - Upgrade to 10.21: - CVE-2022-1552: Confined additional operations within security restricted operation sandbo ...

oval:org.secpod.oval:def:2500836
PostgreSQL is an advanced object-relational database management system.

oval:org.secpod.oval:def:4501208
PostgreSQL is an advanced object-relational database management system . Security Fix: * postgresql: Extension scripts replace objects not belonging to the extension. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer ...

oval:org.secpod.oval:def:501548
PostgreSQL is an advanced object-relational database management system . An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by ...

oval:org.secpod.oval:def:108386
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the P ...

oval:org.secpod.oval:def:108415
PostgreSQL is an advanced Object-Relational database management system. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the P ...

oval:org.secpod.oval:def:1700079
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypas ...

oval:org.secpod.oval:def:1502299
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502353
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Certain host connection parameters defeat client-side security defenses For more details about the security issue ...

oval:org.secpod.oval:def:114956
PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:1501630
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a newer upstream version: postgresql . Security Fix: * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authentic ...

oval:org.secpod.oval:def:501924
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a newer upstream version: postgresql . Security Fix: * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authentic ...

oval:org.secpod.oval:def:113056
PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:502136
PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: postgresql. Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal ...

oval:org.secpod.oval:def:1502025
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502031
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502149
PostgreSQL is an advanced object-relational database management system. Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain ...

oval:org.secpod.oval:def:113099
PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:59792
The host is installed with PostgreSQL 11.x before 11.3, 10.x before 10.8, 9.5.x before 9.5.17 or 9.6.x before 9.6.13 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle an evaluation issue in row security policies. Successful exploitation allows atta ...

oval:org.secpod.oval:def:205918
PostgreSQL is an advanced object-relational database management system . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted operation sandbox * postgresql: TYPE in pg_temp executes arbitrary SQL during SE ...

oval:org.secpod.oval:def:205874
PostgreSQL is an advanced object-relational database management system . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted operation sandbox * postgresql: TYPE in pg_temp executes arbitrary SQL during SECU ...

oval:org.secpod.oval:def:2500213
PostgreSQL is an advanced object-relational database management system.

oval:org.secpod.oval:def:507594
PostgreSQL is an advanced object-relational database management system . Security Fix: * postgresql: Extension scripts replace objects not belonging to the extension. * postgresql: Client memory disclosure when connecting with Kerberos to modified server For more details about the security issue, ...

oval:org.secpod.oval:def:89051102
This update for postgresql, postgresql15, postgresql16 fixes the following issues: This update ships postgresql 16 . Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unkno ...

oval:org.secpod.oval:def:4501484
PostgreSQL is an advanced object-relational database management system . Security Fix: * postgresql: schema_element defeats protective search_path changes * postgresql: row security policies disregard user ID changes after inlining. For more details about the security issue, including the impact, ...

oval:org.secpod.oval:def:1702074
Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirmed or ruled out via ...

oval:org.secpod.oval:def:1702076
Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirmed or ruled out via ...

oval:org.secpod.oval:def:1701777
This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. While CVE-2016-2193 fixed most interaction between row security and user ID changes, it ...

oval:org.secpod.oval:def:1702066
Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirmed or ruled out via ...

oval:org.secpod.oval:def:89051362
This update for postgresql, postgresql15, postgresql16 fixes the following issues: This update ships postgresql 16. Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknow ...

oval:org.secpod.oval:def:4501490
PostgreSQL is an advanced object-relational database management system . Security Fix: * postgresql: schema_element defeats protective search_path changes * postgresql: row security policies disregard user ID changes after inlining. * postgresql: Client memory disclosure when connecting with Kerbe ...

oval:org.secpod.oval:def:1701739
postgresql: Client memory disclosure when connecting with Kerberos to modified server This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. Wh ...

oval:org.secpod.oval:def:1507182
pgaudit pg_repack postgres-decoderbufs postgresql [13.13-1.0.1] - Fixed postgresql port binding issue during bootup [Orabug: 35103668] [13.13-1] - Update to 13.13 - Fixes: CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 CVE-2023-39417 - Resolves: RHEL-16085 RHEL-16123

oval:org.secpod.oval:def:1507231
pgaudit [1.7.0-1] - Update to 1.7.0 - Support postgresql 15 - Related: #2128241 [1.5.0-1] - Update to version 1.5.0 Related: #1855776 pg_repack [1.4.8-1] - Update to version 1.4.8 - Postgresql 15 is supported - Related: #2128241 [1.4.6-4] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rh ...

oval:org.secpod.oval:def:89051147
This update for postgresql, postgresql15, postgresql16 fixes the following issues: This update ships postgresql 16. Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknow ...

oval:org.secpod.oval:def:1701699
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct . If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege ...

oval:org.secpod.oval:def:1701698
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct . If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege ...

oval:org.secpod.oval:def:1507219
pgaudit pg_repack postgres-decoderbufs postgresql

oval:org.secpod.oval:def:1701678
postgresql: Client memory disclosure when connecting with Kerberos to modified server This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. Wh ...

oval:org.secpod.oval:def:1701797
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct . If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege ...

oval:org.secpod.oval:def:1507222
[10.23-3.0.1] - Resolves: CVE-2023-5869

oval:org.secpod.oval:def:1701790
postgresql: Client memory disclosure when connecting with Kerberos to modified server This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. Wh ...

oval:org.secpod.oval:def:1701793
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct . If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege ...

oval:org.secpod.oval:def:500799
PostgreSQL is an advanced object-relational database management system . The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command mi ...

oval:org.secpod.oval:def:202341
PostgreSQL is an advanced object-relational database management system . The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command mi ...

oval:org.secpod.oval:def:202453
PostgreSQL is an advanced object-relational database management system . It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ...

oval:org.secpod.oval:def:10727
The host is installed with PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13 or 8.4.x before 8.4.17 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to the contrib/pgcrypto functions. Successful exploitation a ...

oval:org.secpod.oval:def:10728
The host is installed with PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9 or 9.0.x before 9.0.13 and is prone to an argument injection vulnerability. A flaw is present in the application, which fails to handle a connection request using a database name that begins with a "-" (hyphen). Successful exp ...

oval:org.secpod.oval:def:500893
PostgreSQL is an advanced object-relational database management system . It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ...

oval:org.secpod.oval:def:202450
PostgreSQL is an advanced object-relational database management system . It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ...

oval:org.secpod.oval:def:500894
PostgreSQL is an advanced object-relational database management system . It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ...

oval:org.secpod.oval:def:202337
PostgreSQL is an advanced object-relational database management system . The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command mi ...

oval:org.secpod.oval:def:10726
The host is installed with PostgreSQL 9.2.x before 9.2.4 or 9.1.x before 9.1.9 and is prone to a security-bypass vulnerability. A flaw is present in the application, which fails to properly check REPLICATION privileges. Successful exploitation allows attackers to bypass certain security restrictions a ...

oval:org.secpod.oval:def:9328
The host is installed with PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16 or 8.3.x before 8.3.23 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly declare the enum_recv function in backend/utils ...

oval:org.secpod.oval:def:1500291
Updated postgresql and postgresql84 packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severit ...

oval:org.secpod.oval:def:33772
The host is installed with PostgreSQL 8.3 before 8.3.19, 8.4 before 8.4.12, 9.0 before 9.0.8 or 9.1 before 9.1.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle (1) SECURITY DEFINER or (2) SET attributes to a procedural language ...

oval:org.secpod.oval:def:33771
The host is installed with PostgreSQL 8.3 before 8.3.18, 8.4 before 8.4.11, 9.0 before 9.0.7 or 9.1 before 9.1.3 and is prone to a spoofing vulnerability. A flaw is present in the application, which fails to properly handle truncation of the common name. Successful exploitation allows remote attacke ...

oval:org.secpod.oval:def:33774
The host is installed with PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9 or 9.1 before 9.1.5 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle an XML value that refers to (1) a DTD or (2) an entity, relat ...

oval:org.secpod.oval:def:33773
The host is installed with PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9 or 9.1 before 9.1.5 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle (1) stylesheet commands that are permitted by the libxslt sec ...

oval:org.secpod.oval:def:33770
The host is installed with PostgreSQL 8.3 before 8.3.18, 8.4 before 8.4.11, 9.0 before 9.0.7 or 9.1 before 9.1.3 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly check the execute permission for trigger functions marked SECURITY DEFI ...

oval:org.secpod.oval:def:33758
The host is installed with PostgreSQL 8.3 before 8.3.18, 8.4 before 8.4.11, 9.0 before 9.0.7 or 9.1 before 9.1.3 and is prone to a CRLF injection vulnerability. A flaw is present in the application, which fails to properly handle a crafted file containing object names with newlines, which are insert ...

oval:org.secpod.oval:def:1503883
Updated postgresql84 and postgresql packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give d ...

oval:org.secpod.oval:def:500800
PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command mi ...

oval:org.secpod.oval:def:1503784
Updated postgresql84 and postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give det ...

oval:org.secpod.oval:def:501118
PostgreSQL is an advanced object-relational database management system. An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially cra ...

oval:org.secpod.oval:def:202960
PostgreSQL is an advanced object-relational database management system. An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially cra ...

oval:org.secpod.oval:def:33764
The host is installed with PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8 or 8.2 before 8.2.14 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle "re-LOAD-ing" libraries from a certain plugins directory. Successful exploitation allo ...

oval:org.secpod.oval:def:33763
The host is installed with PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22 or 7.4 before 7.4.26 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly use the appropriate privileges fo ...

oval:org.secpod.oval:def:33762
The host is installed with PostgreSQL 8.3 before 8.3.8 or 8.2 before 8.2.14 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle an empty password. Successful exploitation allows remote attackers to bypass authentication.

oval:org.secpod.oval:def:500625
PostgreSQL is an advanced object-relational database management system. It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0038 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authe ...

oval:org.secpod.oval:def:202063
PostgreSQL is an advanced object-relational database management system. It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0038 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authe ...

oval:org.secpod.oval:def:202043
PostgreSQL is an advanced object-relational database management system. It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0038 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authe ...

oval:org.secpod.oval:def:1702145
This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users.

oval:org.secpod.oval:def:1701700
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not ...

oval:org.secpod.oval:def:1701751
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not ...

oval:org.secpod.oval:def:1702182
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.

oval:org.secpod.oval:def:500836
PostgreSQL is an advanced object-relational database management system. A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ...

oval:org.secpod.oval:def:500837
PostgreSQL is an advanced object-relational database management system. A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ...

oval:org.secpod.oval:def:202377
PostgreSQL is an advanced object-relational database management system. A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ...

oval:org.secpod.oval:def:202362
PostgreSQL is an advanced object-relational database management system. A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ...

oval:org.secpod.oval:def:1503882
Updated postgresql84 and postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give det ...

oval:org.secpod.oval:def:507868
PostgreSQL is an advanced object-relational database management system. Security Fix: * postgresql: schema_element defeats protective search_path changes * postgresql: row security policies disregard user ID changes after inlining. For more details about the security issue, including the impact, ...

oval:org.secpod.oval:def:1702180
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The vi ...

oval:org.secpod.oval:def:1702181
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The vi ...

oval:org.secpod.oval:def:1702185
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The vi ...

oval:org.secpod.oval:def:2600272
PostgreSQL is an advanced object-relational database management system.

oval:org.secpod.oval:def:507893
PostgreSQL is an advanced object-relational database management system. Security Fix: * postgresql: schema_element defeats protective search_path changes * postgresql: row security policies disregard user ID changes after inlining. For more details about the security issue, including the impact, ...

oval:org.secpod.oval:def:507894
PostgreSQL is an advanced object-relational database management system. Security Fix: * postgresql: schema_element defeats protective search_path changes * postgresql: row security policies disregard user ID changes after inlining. For more details about the security issue, including the impact, ...

oval:org.secpod.oval:def:509115
PostgreSQL is an advanced object-relational database management system. Security Fix: postgresql: non-owner "REFRESH MATERIALIZED VIEW CONCURRENTLY" executes arbitrary SQL For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, ...

oval:org.secpod.oval:def:1507358
pgaudit [1.7.0-1] - Update to 1.7.0 - Support postgresql 15 - Related: #2128241 [1.5.0-1] - Update to version 1.5.0 Related: #1855776 pg_repack [1.4.8-1] - Update to version 1.4.8 - Postgresql 15 is supported - Related: #2128241 [1.4.6-4] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rh ...

oval:org.secpod.oval:def:1507353
pgaudit pg_repack postgres-decoderbufs postgresql [15.6-1] - update to 15.6 - Fixes CVE-2024-0985 [15.5-1] - update to 15.5 - Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-39417, and CVE-2023-39418 Resolves: RHEL-16100, RHEL-16124, RHEL-16139 [15.3-1] - update to 15.3 - Fixes CVE-2023- ...

oval:org.secpod.oval:def:507903
PostgreSQL is an advanced object-relational database management system. Security Fix: * postgresql: schema_element defeats protective search_path changes * postgresql: row security policies disregard user ID changes after inlining. * postgresql: Client memory disclosure when connecting with Kerbe ...

oval:org.secpod.oval:def:1507355
pgaudit [1.5.0-1] - Update to version 1.5.0 Related: #1855776 pg_repack [1.4.6-3] - Release bump - enable gating postgres-decoderbufs [0.10.0-2] - Release bump for rebuild against libpq-12.1-3 postgresql [13.14-1.0.1] - update to 13.14 - Fixes CVE-2024-0985

oval:org.secpod.oval:def:1507364
[10.23-4.0.1] - Resolves: CVE-2024-0985

oval:org.secpod.oval:def:1507365
pgaudit [1.4.0-7] - Release bump to avoid regression in nvrs - Resolves: RHEL-24969 pg_repack postgres-decoderbufs postgresql [12.18-1.0.1] - Update to version 12.18 - Fixes CVE-2024-0985

oval:org.secpod.oval:def:1506604
[13.11-1.0.1] - Fixed postgresql port binding issue during bootup [Orabug: 35420628] [13.11-1] - Update to 13.11 - Resolves: #2207935

oval:org.secpod.oval:def:509042
PostgreSQL is an advanced object-relational database management system. Security Fix: postgresql: non-owner "REFRESH MATERIALIZED VIEW CONCURRENTLY" executes arbitrary SQL For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, ...

oval:org.secpod.oval:def:509044
PostgreSQL is an advanced object-relational database management system. Security Fix: postgresql: non-owner "REFRESH MATERIALIZED VIEW CONCURRENTLY" executes arbitrary SQL For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, ...

oval:org.secpod.oval:def:509046
PostgreSQL is an advanced object-relational database management system. Security Fix: postgresql: non-owner "REFRESH MATERIALIZED VIEW CONCURRENTLY" executes arbitrary SQL For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, ...

oval:org.secpod.oval:def:509058
PostgreSQL is an advanced object-relational database management system. Security Fix: postgresql: non-owner "REFRESH MATERIALIZED VIEW CONCURRENTLY" executes arbitrary SQL For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, ...

oval:org.secpod.oval:def:509064
PostgreSQL is an advanced object-relational database management system. Security Fix: postgresql: non-owner "REFRESH MATERIALIZED VIEW CONCURRENTLY" executes arbitrary SQL For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, ...

oval:org.secpod.oval:def:1506917
pgaudit pg_repack postgres-decoderbufs postgresql [15.3-1] - update to 15.3 - Fixes CVE-2023-2454 and CVE-2023-2455 Resolves: #2214875 [15.2-1] - update to 15.2 - Resolves: #2128410 [15.0-2] - update postgresql-setup to 8.8 [15.0-1] - Initial import for postgresql 15 - Resolves: #2128410

oval:org.secpod.oval:def:1503394
Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ...

oval:org.secpod.oval:def:201561
PostgreSQL is an advanced object-relational database management system. A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character ...

oval:org.secpod.oval:def:201475
PostgreSQL is an advanced object-relational database management system. A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character ...

oval:org.secpod.oval:def:500036
PostgreSQL is an advanced object-relational database management system. A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character ...

oval:org.secpod.oval:def:1601237
A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on the hash result, thus shortening the effective password ...

CVE    28
CVE-2020-10733
CVE-2020-14349
CVE-2020-14350
CVE-2020-1720
...
*CPE
cpe:/a:postgresql:postgresql

© SecPod Technologies