ALT-PU-2019-2456-1

Package update postgresql11 in branch p8

Version: 11.5-alt0.M80P.1
Published: 2019-08-13
Max severity: HIGH

Closed issues (3)

BDU:2019-03221
HIGH 8.8

A vulnerability in the SECURITY DEFINER function of the PostgreSQL database management system that allows an attacker to execute arbitrary SQL commands

Published: 2019-09-18 Modified: 2023-11-20
CVSS 3.x HIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0 CRITICAL 9.0
CVSS:2.0/AV:N/AC:L/Au:S/C:C/I:C/A:C
CVE-2019-10208
HIGH 8.8

A flaw was discovered in PostgreSQL versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.

Published: 2019-10-29 Modified: 2024-11-21
CVSS 2.0 MEDIUM 6.5
CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS 3.x HIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2019-10209
LOW 2.2

PostgreSQL, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.

Published: 2019-10-29 Modified: 2024-11-21
CVSS 2.0 LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:N/A:N
CVSS 3.x LOW 2.2
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N