Download
| Alert*
oval:org.secpod.oval:def:116988
The libpq package provides the essential shared library for any PostgreSQL client program or interface. You will need to install this package to use any other PostgreSQL package or any clients that need to connect to a PostgreSQL server. oval:org.secpod.oval:def:116987 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ... oval:org.secpod.oval:def:116985 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ... oval:org.secpod.oval:def:89003266 This update for postgresql94 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner . oval:org.secpod.oval:def:89003168 This update for postgresql96 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner . oval:org.secpod.oval:def:1802026 Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact argument type match. For example, length('foo'::varchar) and len ... oval:org.secpod.oval:def:1601199 A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function oval:org.secpod.oval:def:506036 PostgreSQL is an advanced object-relational database management system . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted operationsandbox * postgresql: TYPE in pg_temp executes arbitrary SQL during SECUR ... oval:org.secpod.oval:def:505092 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: rh-postgresql10-postgresql . Security Fix: * PostgreSQL: stack-based buffer overflow via setting a password * PostgreSQL: ALTER ... DEPENDS ON EXTENSION is ... oval:org.secpod.oval:def:1601449 A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. A flaw was found in postgresql. If a client application that cr ... oval:org.secpod.oval:def:1601200 PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this t ... oval:org.secpod.oval:def:505253 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted ... oval:org.secpod.oval:def:504987 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: rh-postgresql96-postgresql . Security Fix: * postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution * postgresql: Uncontroll ... oval:org.secpod.oval:def:66574 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Stack-based buffer overflow via setting a password * postgresql: TYPE in pg_temp executes arbitrary SQL during SEC ... oval:org.secpod.oval:def:89050837 This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner . oval:org.secpod.oval:def:89050642 This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner . oval:org.secpod.oval:def:1601201 PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this t ... oval:org.secpod.oval:def:1503032 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:69633 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted ... oval:org.secpod.oval:def:1504988 [10.15-1] - Rebase to upstream release 10.15 Resolves: CVE-2020-25695 Resolves: CVE-2020-25694 Resolves: CVE-2020-25696 [10.14-1] - Rebase to upstream release 10.14 https://www.postgresql.org/docs/10/release-10-14.html [10.12-2] - Filter provides RHBZ#1719549 [10.12-1] - Rebase to upstream version 1 ... oval:org.secpod.oval:def:504281 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Stack-based buffer overflow via setting a password * postgresql: TYPE in pg_temp executes arbitrary SQL during SEC ... oval:org.secpod.oval:def:1503160 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2500148 PostgreSQL is an advanced object-relational database management system . oval:org.secpod.oval:def:604516 Two security issues have been discovered in the PostgreSQL database system, which could result in privilege escalation, denial of service or memory disclosure. For additional information please refer to the upstream announcement at https://www.postgresql.org/about/news/1960/ oval:org.secpod.oval:def:1504863 [9.2.24-6] - Patch fixing BZ#1741488 CVE-2019-10208 [9.2.24-5] - Patch fixing CVE-2020-25694 BZ#1907894 - Patch fixing CVE-2020-25695 BZ#1907895 oval:org.secpod.oval:def:604495 A issue has been discovered in the PostgreSQL database system, which could result in privilege escalation. For additional information please refer to the upstream announcement at https://www.postgresql.org/about/news/1960/ oval:org.secpod.oval:def:87204 The host is installed with PostgreSQL 11.x before 11.5, 10.x before 10.10, 9.6.x before 9.6.15, 9.5.x before 9.5.19, 9.4.x before 9.4.24 and is prone to a SQL injection vulnerability. A flaw is present in the application which fails to properly handle the SECURITY DEFINER function. Successful exploi ... oval:org.secpod.oval:def:69737 Two security issues have been discovered in the PostgreSQL database system, which could result in privilege escalation, denial of service or memory disclosure. For additional information please refer to the upstream announcement at https://www.postgresql.org/about/news/1960/ oval:org.secpod.oval:def:58360 postgresql-11: Object-relational SQL database - postgresql-10: Object-relational SQL database - postgresql-9.5: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:58340 A issue has been discovered in the PostgreSQL database system, which could result in privilege escalation. For additional information please refer to the upstream announcement at https://www.postgresql.org/about/news/1960/ oval:org.secpod.oval:def:1700638 A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. A flaw was found in postgresql. If a client application that cr ... oval:org.secpod.oval:def:205874 PostgreSQL is an advanced object-relational database management system . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted operation sandbox * postgresql: TYPE in pg_temp executes arbitrary SQL during SECU ... oval:org.secpod.oval:def:205918 PostgreSQL is an advanced object-relational database management system . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted operation sandbox * postgresql: TYPE in pg_temp executes arbitrary SQL during SE ... oval:org.secpod.oval:def:705108 postgresql-11: Object-relational SQL database - postgresql-10: Object-relational SQL database - postgresql-9.5: Object-relational SQL database Several security issues were fixed in PostgreSQL. |