ALT-PU-2018-2607-1
Package postgresql10-1C updated to version 10.6-alt1 for branch sisyphus in task 216238.
Closed vulnerabilities
Published: 2018-07-30
BDU:2019-01225
Уязвимость утилит pg_upgrade и pg_dump системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные SQL-команды
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2018-11-13
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- 105923
- 105923
- 1042144
- 1042144
- RHSA-2018:3757
- RHSA-2018:3757
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850
- GLSA-201811-24
- GLSA-201811-24
- USN-3818-1
- USN-3818-1
- https://www.postgresql.org/about/news/1905/
- https://www.postgresql.org/about/news/1905/