[3.6] postgresql: Multiple vulnerabilities (CVE-2017-12172, CVE-2017-15098, CVE-2017-15099)ID: oval:org.secpod.oval:def:1800286 | Date: (C)2018-03-28 (M)2021-11-15 |
Class: PATCH | Family: unix |
CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In: postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql 9.5.10, postgresql 9.6.6, postgresql 10.1
Platform: |
Alpine Linux 3.6 |