ALT Linux Team

Branch t7 update on 2018-05-24

2018-05-24

ALT-BU-2018-3267-1

Branch t7 update bulletin.

ALT-PU-2018-1772-1

Package postgresql10 updated to version 10.4-alt0.M70P.1 for branch t7 in task 206779.

Closed vulnerabilities

Published: 2018-05-10

BDU:2019-04242

Уязвимость функции pg_catalog.pg_logfile_rotate() модуля adminpack системы управления базами данных PostgreSQL, позволяющая нарушителю оказать воздействие на целостность защищаемой информации или вызвать отказ в обслуживании

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
References:
Published: 2018-05-10
Modified: 2024-11-21

CVE-2018-1115

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
References:

ALT-PU-2018-1773-1

Package postgresql9.3 updated to version 9.3.23-alt0.M70P.1 for branch t7 in task 206779.

Closed vulnerabilities

Published: 2018-05-10

BDU:2019-04242

Уязвимость функции pg_catalog.pg_logfile_rotate() модуля adminpack системы управления базами данных PostgreSQL, позволяющая нарушителю оказать воздействие на целостность защищаемой информации или вызвать отказ в обслуживании

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
References:
Published: 2018-05-10
Modified: 2024-11-21

CVE-2018-1115

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
References:

ALT-PU-2018-1774-1

Package postgresql9.4 updated to version 9.4.18-alt0.M70P.1 for branch t7 in task 206779.

Closed vulnerabilities

Published: 2018-05-10

BDU:2019-04242

Уязвимость функции pg_catalog.pg_logfile_rotate() модуля adminpack системы управления базами данных PostgreSQL, позволяющая нарушителю оказать воздействие на целостность защищаемой информации или вызвать отказ в обслуживании

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
References:
Published: 2018-05-10
Modified: 2024-11-21

CVE-2018-1115

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
References:

ALT-PU-2018-1775-1

Package postgresql9.5 updated to version 9.5.13-alt0.M70P.1 for branch t7 in task 206779.

Closed vulnerabilities

Published: 2018-05-10

BDU:2019-04242

Уязвимость функции pg_catalog.pg_logfile_rotate() модуля adminpack системы управления базами данных PostgreSQL, позволяющая нарушителю оказать воздействие на целостность защищаемой информации или вызвать отказ в обслуживании

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
References:
Published: 2018-05-10
Modified: 2024-11-21

CVE-2018-1115

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
References:

ALT-PU-2018-1776-1

Package postgresql9.6 updated to version 9.6.9-alt0.M70P.1 for branch t7 in task 206779.

Closed vulnerabilities

Published: 2018-05-10

BDU:2019-04242

Уязвимость функции pg_catalog.pg_logfile_rotate() модуля adminpack системы управления базами данных PostgreSQL, позволяющая нарушителю оказать воздействие на целостность защищаемой информации или вызвать отказ в обслуживании

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
References:
Published: 2018-05-10
Modified: 2024-11-21

CVE-2018-1115

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
References:

ALT-PU-2018-1777-1

Package postgresql9.6-1C updated to version 9.6.9-alt0.M70P.1 for branch t7 in task 206779.

Closed vulnerabilities

Published: 2018-05-10

BDU:2019-04242

Уязвимость функции pg_catalog.pg_logfile_rotate() модуля adminpack системы управления базами данных PostgreSQL, позволяющая нарушителю оказать воздействие на целостность защищаемой информации или вызвать отказ в обслуживании

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
References:
Published: 2018-05-10
Modified: 2024-11-21

CVE-2018-1115

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top