PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: rh-postgresql94-postgresql . Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use t ...
PostgreSQL is an advanced object-relational database management system . Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access. * It was di ...
This update for ghostscript fixes the following issues: - bsc#1006592: Fix a regression introduced in CVE-2013-5653 by which ps files couldn"t be opened in okular/evince .
This update for ghostscript fixes the following security vulnerabilities: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause a Denial-of-Service. CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed re ...
This update for ghostscript-library fixes the following issues: - Multiple security vulnerabilities have been discovered where ghostscript"s -dsafer flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted Postscript file would potentially leak sensitive information to an attacker. - Insufficient validation of ...
This update for Tomcat fixes the following security issues: - CVE-2014-7810: Security manager bypass via EL expressions. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could have used this flaw to bypass security manager protections. - CVE-2014-0227: Limited DoS in chunked transfer encoding input filter. It w ...