Errata ALT-PU-2019-2383-1: Information

Package name: postgresql11
Version: 11.5-alt1
Bulletin updated: Aug. 7, 2019
Task: #235637

Fixes

Published: Oct. 29, 2019

BDU:2019-03221

Уязвимость функции SECURITY DEFINER системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные SQL команды
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Oct. 29, 2019
Modified: Aug. 17, 2020

CVE-2019-10208

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Oct. 29, 2019
Modified: Oct. 1, 2020

CVE-2019-10209

Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.
Severity: LOW (2.2) Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
Links:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top