ALT-BU-2019-3874-1
Branch p8 update bulletin.
Package postgresql11 updated to version 11.5-alt0.M80P.1 for branch p8 in task 235652.
Closed vulnerabilities
BDU:2019-03221
Уязвимость функции SECURITY DEFINER системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные SQL команды
Modified: 2024-11-21
CVE-2019-10208
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208
- https://www.postgresql.org/about/news/1960/
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208
- https://www.postgresql.org/about/news/1960/
Modified: 2024-11-21
CVE-2019-10209
Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.
Package postgresql9.4 updated to version 9.4.24-alt0.M80P.1 for branch p8 in task 235652.
Closed vulnerabilities
BDU:2019-03221
Уязвимость функции SECURITY DEFINER системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные SQL команды
Modified: 2024-11-21
CVE-2019-10208
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208
- https://www.postgresql.org/about/news/1960/
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208
- https://www.postgresql.org/about/news/1960/
Package postgresql9.5 updated to version 9.5.19-alt0.M80P.1 for branch p8 in task 235652.
Closed vulnerabilities
BDU:2019-03221
Уязвимость функции SECURITY DEFINER системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные SQL команды
Modified: 2024-11-21
CVE-2019-10208
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208
- https://www.postgresql.org/about/news/1960/
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208
- https://www.postgresql.org/about/news/1960/
Package postgresql9.6 updated to version 9.6.15-alt0.M80P.1 for branch p8 in task 235652.
Closed vulnerabilities
BDU:2019-03221
Уязвимость функции SECURITY DEFINER системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные SQL команды
Modified: 2024-11-21
CVE-2019-10208
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208
- https://www.postgresql.org/about/news/1960/
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208
- https://www.postgresql.org/about/news/1960/
Package postgresql10 updated to version 10.10-alt0.M80P.1 for branch p8 in task 235652.
Closed vulnerabilities
BDU:2019-03221
Уязвимость функции SECURITY DEFINER системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные SQL команды
Modified: 2024-11-21
CVE-2019-10208
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208
- https://www.postgresql.org/about/news/1960/
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208
- https://www.postgresql.org/about/news/1960/
Package postgresql10-1C updated to version 10.10-alt0.M80P.1 for branch p8 in task 235652.
Closed vulnerabilities
BDU:2019-03221
Уязвимость функции SECURITY DEFINER системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные SQL команды
Modified: 2024-11-21
CVE-2019-10208
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208
- https://www.postgresql.org/about/news/1960/
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208
- https://www.postgresql.org/about/news/1960/
Closed vulnerabilities
BDU:2020-01710
Уязвимость пакета антивирусных программ ClamAV, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2019-12625
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html
- https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html
- https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html