ALT-BU-2021-3753-1
Branch p9 update bulletin.
Closed bugs
apol: не открывается справка
Package postgresql12 updated to version 12.6-alt0.M90P.1 for branch p9 in task 266186.
Closed vulnerabilities
BDU:2021-00810
Уязвимость системы управления базами данных PostgreSQL, связанная с ошибками механизмов безопасности, позволяющая нарушителю получить значения столбцов из сообщения об ошибке (без привилегии SELECT)
Modified: 2024-11-21
CVE-2021-3393
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
Package postgresql11 updated to version 11.11-alt1 for branch p9 in task 266186.
Closed vulnerabilities
BDU:2021-00810
Уязвимость системы управления базами данных PostgreSQL, связанная с ошибками механизмов безопасности, позволяющая нарушителю получить значения столбцов из сообщения об ошибке (без привилегии SELECT)
Modified: 2024-11-21
CVE-2021-3393
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
Package postgresql12-1C updated to version 12.5-alt5 for branch p9 in task 266186.
Closed vulnerabilities
BDU:2021-00810
Уязвимость системы управления базами данных PostgreSQL, связанная с ошибками механизмов безопасности, позволяющая нарушителю получить значения столбцов из сообщения об ошибке (без привилегии SELECT)
Modified: 2024-11-21
CVE-2021-3393
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
Closed vulnerabilities
BDU:2021-01805
Уязвимость реализации протокола LLDP под Unix Lldpd, программного многоуровневого коммутатора Open vSwitch, связанная с ошибкой механизма контроля расходуемых ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-27827
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=1921438
- https://bugzilla.redhat.com/show_bug.cgi?id=1921438
- https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
- FEDORA-2023-c0c184a019
- FEDORA-2023-c0c184a019
- FEDORA-2023-88991d2713
- FEDORA-2023-88991d2713
- FEDORA-2023-3e4feeadec
- FEDORA-2023-3e4feeadec
- https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html
- https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html
- GLSA-202311-16
- GLSA-202311-16
- https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07
- https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07