Alert*

oval:org.secpod.oval:def:89002163
This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2018-16850: Fixed improper quoting of transition table names when pg_dump emits CREATE TRIGGER, which could have caused privilege escalation. Non-security issues fixed: - Update to release 10.6: * https://www.postgresql.o ...

oval:org.secpod.oval:def:504904
PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: rh-postgresql10-postgresql. Security Fix: * postgresql: SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING For more details abou ...

oval:org.secpod.oval:def:49796
The host is installed with PostgreSQL 10.x before 10.6 or 11.x before 11.1 and is prone to an SQL injection vulnerability. The flaw is present in the application's pg_upgrade and pg_dump. Successful exploitation allows attackers to cause arbitrary SQL statements to run, with superuser privileges.

oval:org.secpod.oval:def:89002499
This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2018-16850: Fixed improper quoting of transition table names when pg_dump emits CREATE TRIGGER, which could have caused privilege escalation. Non-security issues fixed: - Update to release 10.6: * https://www.postgresql.o ...

oval:org.secpod.oval:def:51167
postgresql-10: Object-relational SQL database. PostgreSQL could be made to run SQL statements as the administrator.

oval:org.secpod.oval:def:704391
postgresql-10: Object-relational SQL database. PostgreSQL could be made to run SQL statements as the administrator.