ALT-PU-2016-3314-1

Package postgresql9.5 updated to version 9.5.5-alt1 for branch sisyphus in task 171468.

Уязвимость системы управления базами данных PostgreSQL, связанная с загрузкой кода без проверки его целостности, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.1)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: HIGH (7.6)Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

References:

CVE-2016-7048

The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.

Severity: CRITICAL (9.3)Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: HIGH (8.1)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1378043
https://www.postgresql.org/support/security/
https://bugzilla.redhat.com/show_bug.cgi?id=1378043
https://www.postgresql.org/support/security/

Version: 2.1.2

Package postgresql9.5 update in sisyphus on 2016-10-27

ALT-PU-2016-3314-1

Closed vulnerabilities

BDU:2023-00904

CVE-2016-7048