ALT Linux Team

Branch sisyphus update on 2018-11-09

2018-11-09

ALT-BU-2018-3562-1

Branch sisyphus update bulletin.

ALT-PU-2018-2606-1

Package postgresql10 updated to version 10.6-alt1 for branch sisyphus in task 216238.

Closed vulnerabilities

Published: 2018-07-30

BDU:2019-01225

Уязвимость утилит pg_upgrade и pg_dump системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные SQL-команды

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2018-11-13
Modified: 2024-11-21

CVE-2018-16850

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2018-2607-1

Package postgresql10-1C updated to version 10.6-alt1 for branch sisyphus in task 216238.

Closed vulnerabilities

Published: 2018-07-30

BDU:2019-01225

Уязвимость утилит pg_upgrade и pg_dump системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные SQL-команды

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2018-11-13
Modified: 2024-11-21

CVE-2018-16850

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2018-2608-1

Package postgresql11 updated to version 11.1-alt1 for branch sisyphus in task 216238.

Closed vulnerabilities

Published: 2018-07-30

BDU:2019-01225

Уязвимость утилит pg_upgrade и pg_dump системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные SQL-команды

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2018-11-13
Modified: 2024-11-21

CVE-2018-16850

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2018-2612-1

Package sudo updated to version 1.8.25p1-alt2 for branch sisyphus in task 216272.

Closed bugs

Bug #18344

Использование sudo для группы wheel по умолчанию

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top