Download
| Alert*
oval:org.secpod.oval:def:89003005
This update for postgresql12 fixes the following issues: Upgrade to version 12.5: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a oval:org.secpod.oval:def:505200 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: rh-postgresql12-postgresql . Security Fix: * postgresql: Uncontrolled search path element in logical replication * postgresql: Uncontrolled search path ele ... oval:org.secpod.oval:def:505248 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted ... oval:org.secpod.oval:def:1801751 Fixed In Version: postgresql 12.4, postgresql 11.9, postgresql 10.14 oval:org.secpod.oval:def:67031 postgresql-12: Object-relational SQL database - postgresql-10: Object-relational SQL database - postgresql-9.5: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:1601200 PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this t ... oval:org.secpod.oval:def:65336 The host is installed with PostgreSQL 9.x before 9.5.23, 9.6.x before 9.6.19, 10.x before 10.14 or 11.x before 11.9 or 12.x before 12.4 and is prone to a privilege escalation vulnerability. A flaw is present in the application which fails to handle search_path safely in their installation script. Su ... oval:org.secpod.oval:def:89002981 This update for postgresql10 fixes the following issues: - update to 10.14: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules" installation scripts more secure. * https://www.postgresql.org/ ... oval:org.secpod.oval:def:505253 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted ... oval:org.secpod.oval:def:505199 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: rh-postgresql10-postgresql . Security Fix: * postgresql: Uncontrolled search path element in logical replication * postgresql: Uncontrolled search path ele ... oval:org.secpod.oval:def:504987 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: rh-postgresql96-postgresql . Security Fix: * postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution * postgresql: Uncontroll ... oval:org.secpod.oval:def:67023 postgresql-12: Object-relational SQL database - postgresql-10: Object-relational SQL database - postgresql-9.5: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:66574 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Stack-based buffer overflow via setting a password * postgresql: TYPE in pg_temp executes arbitrary SQL during SEC ... oval:org.secpod.oval:def:89050386 This update for postgresql12 fixes the following issues: - update to 12.4: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules" installation scripts more secure. * https://www.postgresql.org/d ... oval:org.secpod.oval:def:89050449 This update for postgresql12 fixes the following issues: - update to 12.4: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules" installation scripts more secure. * https://www.postgresql.org/d ... oval:org.secpod.oval:def:89050311 This update for postgresql10 fixes the following issues: - update to 10.14: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules" installation scripts more secure. * https://www.postgresql.org/ ... oval:org.secpod.oval:def:119481 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that youll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the Po ... oval:org.secpod.oval:def:1601201 PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this t ... oval:org.secpod.oval:def:1503032 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:69633 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted ... oval:org.secpod.oval:def:69632 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Reconnection can downgrade connection security settings * postgresql: Multiple features escape security restricted ... oval:org.secpod.oval:def:1504988 [10.15-1] - Rebase to upstream release 10.15 Resolves: CVE-2020-25695 Resolves: CVE-2020-25694 Resolves: CVE-2020-25696 [10.14-1] - Rebase to upstream release 10.14 https://www.postgresql.org/docs/10/release-10-14.html [10.12-2] - Filter provides RHBZ#1719549 [10.12-1] - Rebase to upstream version 1 ... oval:org.secpod.oval:def:504281 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Stack-based buffer overflow via setting a password * postgresql: TYPE in pg_temp executes arbitrary SQL during SEC ... oval:org.secpod.oval:def:1503160 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503163 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2500083 PostgreSQL is an advanced object-relational database management system . oval:org.secpod.oval:def:2500148 PostgreSQL is an advanced object-relational database management system . oval:org.secpod.oval:def:705593 postgresql-12: Object-relational SQL database - postgresql-10: Object-relational SQL database - postgresql-9.5: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:65338 postgresql-12: Object-relational SQL database - postgresql-10: Object-relational SQL database - postgresql-9.5: Object-relational SQL database Several security issues were fixed in PostgreSQL. |