ALT-BU-2018-3562-1
Branch sisyphus update bulletin.
Package postgresql10 updated to version 10.6-alt1 for branch sisyphus in task 216238.
Closed vulnerabilities
BDU:2019-01225
Уязвимость утилит pg_upgrade и pg_dump системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные SQL-команды
Modified: 2024-11-21
CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
- 105923
- 105923
- 1042144
- 1042144
- RHSA-2018:3757
- RHSA-2018:3757
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850
- GLSA-201811-24
- GLSA-201811-24
- USN-3818-1
- USN-3818-1
- https://www.postgresql.org/about/news/1905/
- https://www.postgresql.org/about/news/1905/
Package postgresql10-1C updated to version 10.6-alt1 for branch sisyphus in task 216238.
Closed vulnerabilities
BDU:2019-01225
Уязвимость утилит pg_upgrade и pg_dump системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные SQL-команды
Modified: 2024-11-21
CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
- 105923
- 105923
- 1042144
- 1042144
- RHSA-2018:3757
- RHSA-2018:3757
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850
- GLSA-201811-24
- GLSA-201811-24
- USN-3818-1
- USN-3818-1
- https://www.postgresql.org/about/news/1905/
- https://www.postgresql.org/about/news/1905/
Package postgresql11 updated to version 11.1-alt1 for branch sisyphus in task 216238.
Closed vulnerabilities
BDU:2019-01225
Уязвимость утилит pg_upgrade и pg_dump системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные SQL-команды
Modified: 2024-11-21
CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
- 105923
- 105923
- 1042144
- 1042144
- RHSA-2018:3757
- RHSA-2018:3757
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850
- GLSA-201811-24
- GLSA-201811-24
- USN-3818-1
- USN-3818-1
- https://www.postgresql.org/about/news/1905/
- https://www.postgresql.org/about/news/1905/
Closed bugs
Использование sudo для группы wheel по умолчанию