ALT-BU-2018-3103-1
Branch sisyphus update bulletin.
Package postgresql9.6-1C updated to version 9.6.8-alt1 for branch sisyphus in task 201176.
Closed vulnerabilities
BDU:2019-01829
Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
Modified: 2024-11-21
CVE-2018-1058
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
- 103221
- 103221
- RHSA-2018:2511
- RHSA-2018:2511
- RHSA-2018:2566
- RHSA-2018:2566
- RHSA-2018:3816
- RHSA-2018:3816
- https://bugzilla.redhat.com/show_bug.cgi?id=1547044
- https://bugzilla.redhat.com/show_bug.cgi?id=1547044
- USN-3589-1
- USN-3589-1
- https://www.postgresql.org/about/news/1834/
- https://www.postgresql.org/about/news/1834/
Package postgresql9.6 updated to version 9.6.8-alt1 for branch sisyphus in task 201176.
Closed vulnerabilities
BDU:2019-01829
Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
Modified: 2024-11-21
CVE-2018-1058
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
- 103221
- 103221
- RHSA-2018:2511
- RHSA-2018:2511
- RHSA-2018:2566
- RHSA-2018:2566
- RHSA-2018:3816
- RHSA-2018:3816
- https://bugzilla.redhat.com/show_bug.cgi?id=1547044
- https://bugzilla.redhat.com/show_bug.cgi?id=1547044
- USN-3589-1
- USN-3589-1
- https://www.postgresql.org/about/news/1834/
- https://www.postgresql.org/about/news/1834/
Package postgresql9.5 updated to version 9.5.12-alt1 for branch sisyphus in task 201176.
Closed vulnerabilities
BDU:2019-01829
Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
Modified: 2024-11-21
CVE-2018-1058
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
- 103221
- 103221
- RHSA-2018:2511
- RHSA-2018:2511
- RHSA-2018:2566
- RHSA-2018:2566
- RHSA-2018:3816
- RHSA-2018:3816
- https://bugzilla.redhat.com/show_bug.cgi?id=1547044
- https://bugzilla.redhat.com/show_bug.cgi?id=1547044
- USN-3589-1
- USN-3589-1
- https://www.postgresql.org/about/news/1834/
- https://www.postgresql.org/about/news/1834/
Package postgresql9.4 updated to version 9.4.17-alt1 for branch sisyphus in task 201176.
Closed vulnerabilities
BDU:2019-01829
Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
Modified: 2024-11-21
CVE-2018-1058
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
- 103221
- 103221
- RHSA-2018:2511
- RHSA-2018:2511
- RHSA-2018:2566
- RHSA-2018:2566
- RHSA-2018:3816
- RHSA-2018:3816
- https://bugzilla.redhat.com/show_bug.cgi?id=1547044
- https://bugzilla.redhat.com/show_bug.cgi?id=1547044
- USN-3589-1
- USN-3589-1
- https://www.postgresql.org/about/news/1834/
- https://www.postgresql.org/about/news/1834/
Package postgresql9.3 updated to version 9.3.22-alt1 for branch sisyphus in task 201176.
Closed vulnerabilities
BDU:2019-01829
Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
Modified: 2024-11-21
CVE-2018-1058
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
- 103221
- 103221
- RHSA-2018:2511
- RHSA-2018:2511
- RHSA-2018:2566
- RHSA-2018:2566
- RHSA-2018:3816
- RHSA-2018:3816
- https://bugzilla.redhat.com/show_bug.cgi?id=1547044
- https://bugzilla.redhat.com/show_bug.cgi?id=1547044
- USN-3589-1
- USN-3589-1
- https://www.postgresql.org/about/news/1834/
- https://www.postgresql.org/about/news/1834/
Package postgresql10 updated to version 10.3-alt1 for branch sisyphus in task 201176.
Closed vulnerabilities
BDU:2019-01829
Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
Modified: 2024-11-21
CVE-2018-1058
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
- 103221
- 103221
- RHSA-2018:2511
- RHSA-2018:2511
- RHSA-2018:2566
- RHSA-2018:2566
- RHSA-2018:3816
- RHSA-2018:3816
- https://bugzilla.redhat.com/show_bug.cgi?id=1547044
- https://bugzilla.redhat.com/show_bug.cgi?id=1547044
- USN-3589-1
- USN-3589-1
- https://www.postgresql.org/about/news/1834/
- https://www.postgresql.org/about/news/1834/
Closed bugs
allow running not from the toplevel Git working dir perhaps?
Package github2spec updated to version 1.4.3-alt1 for branch sisyphus in task 201231.
Closed bugs
Выводится неверная версия
Требовать подходящую версию genspec
Не видит URL
Closed vulnerabilities
BDU:2016-02068
Уязвимость системы управления почтовыми рассылками GNU Mailman, позволяющая нарушителю получить доступ к аутентификационным данным произвольных пользователей
Modified: 2024-11-21
CVE-2016-6893
Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.
Modified: 2024-11-21
CVE-2018-5950
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
- http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html
- http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html
- 104594
- 104594
- RHSA-2018:0504
- RHSA-2018:0504
- RHSA-2018:0505
- RHSA-2018:0505
- https://bugs.launchpad.net/mailman/+bug/1747209
- https://bugs.launchpad.net/mailman/+bug/1747209
- [debian-lts-announce] 20180209 [SECURITY] [DLA 1272-1] mailman security update
- [debian-lts-announce] 20180209 [SECURITY] [DLA 1272-1] mailman security update
- USN-3563-1
- USN-3563-1
- DSA-4108
- DSA-4108
- [mailman-users] 20180120 Mailman 2.1.26 Security release Feb 4, 2018
- [mailman-users] 20180120 Mailman 2.1.26 Security release Feb 4, 2018