Download
| Alert*
|
oval:org.secpod.oval:def:32375
postgresql94 is installed oval:org.secpod.oval:def:1600811 Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL can ... oval:org.secpod.oval:def:89045340 This update for postgresql94 to version 9.4.9 fixes the several issues. These security issues were fixed: - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference . - CVE-2016-5424: Fix client programs" handling of special characters in database and role names oval:org.secpod.oval:def:89002452 This update for postgresql94 fixes the following issues: postgresql was updated to 9.4.19: https://www.postgresql.org/docs/current/static/release-9-4-19.html * CVE-2018-10915, bsc#1104199: Fix failure to reset libpq"s state fully between connection attempts. postgresql was updated to 9.4.18: - https ... oval:org.secpod.oval:def:89003266 This update for postgresql94 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner . oval:org.secpod.oval:def:89002398 This update for postgresql94 fixes the following issues: PostgreSQL was updated to version 9.4.16, full release notes: https://www.postgresql.org/docs/9.4/static/release-9-4-16.html Security issues fixed: - CVE-2018-1053: Ensure that all temporary files made by pg_upgrade are non-world-readable oval:org.secpod.oval:def:89002553 This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2017-15098: Fix crash due to rowtype mismatch in json{b}_populate_recordset . - CVE-2017-12172: Start scripts permit database administrator to modify root-owned files. This issue did not affect SUSE . Bug fixes: - ... oval:org.secpod.oval:def:89044792 This update for postgresql93 fixes the following issues: - bsc#1029547: Fix tests with timezone 2017a - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. - CVE-2017-7485: Recognize PGREQUIRESSL variable again. - CVE-2017-7484: Pr ... oval:org.secpod.oval:def:1600960 A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ... oval:org.secpod.oval:def:1600869 Uncontrolled search path element in pg_dump and other client applicationsA flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database oval:org.secpod.oval:def:89002190 This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2018-1058: Fixed uncontrolled search path element in pg_dump and other client applications . Bug fixes: - See release notes for details: * https://www.postgresql.org/docs/9.4/static/release-9-4-17.html * https://ww ... oval:org.secpod.oval:def:1600707 Selectivity estimators bypass SELECT privilege checksIt was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables ... oval:org.secpod.oval:def:1600929 A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ... oval:org.secpod.oval:def:89045165 An update that fixes two vulnerabilities is now available. Description: This update of postgresql94 to 9.4.5 fixes the following issues: * CVE-2015-5289: json or jsonb input values constructed from arbitrary user input could have crashed the PostgreSQL server and caused a denial of service (bsc#949 ... oval:org.secpod.oval:def:89044802 This update for postgresql94 fixes the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. * CVE-2017-7548: lo_put ... oval:org.secpod.oval:def:89044621 Postgresql94 was updated to 9.4.13 to fix the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. * CVE-2017-7548: ... oval:org.secpod.oval:def:1200180 Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service via unspecified vectors, which are not properly handled in json or jsonb values. The crypt function in contrib/pgcrypto in PostgreSQL ... oval:org.secpod.oval:def:89045169 This update for postgresql94 fixes the following issues: - Security and bugfix release 9.4.6: * *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. * Fix infinite loops and buffer-ove ... oval:org.secpod.oval:def:400706 This update for postgresql94 fixes the following issues: - Security and bugfix release 9.4.6: * *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. * Fix infinite loops and buffer-ove ... oval:org.secpod.oval:def:1600767 pg_user_mappings view discloses passwords to users lacking server privileges:An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords from the user mappi ... |
