Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-4028-1:3DEDD
HistoryNov 09, 2017 - 9:40 p.m.

[SECURITY] [DSA 4028-1] postgresql-9.6 security update

2017-11-0921:40:01
lists.debian.org
8

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

65.1%

JSON

Debian Security Advisory DSA-4028-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
November 09, 2017 https://www.debian.org/security/faq

Package : postgresql-9.6
CVE ID : CVE-2017-15098 CVE-2017-15099

Several vulnerabilities have been found in the PostgreSQL database system:

CVE-2017-15098

Denial of service and potential memory disclosure in the
json_populate_recordset() and jsonb_populate_recordset() functions

CVE-2017-15099

Insufficient permissions checks in "INSERT ... ON CONFLICT DO UPDATE"
statements.

For the stable distribution (stretch), these problems have been fixed in
version 9.6.6-0+deb9u1.

We recommend that you upgrade your postgresql-9.6 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9armhflibecpg-dev< 9.6.6-0+deb9u1libecpg-dev_9.6.6-0+deb9u1_armhf.deb
Debian9hppalibpq5< 9.6.6-0+deb9u1libpq5_9.6.6-0+deb9u1_hppa.deb
Debian9armhfpostgresql-pltcl-9.6< 9.6.6-0+deb9u1postgresql-pltcl-9.6_9.6.6-0+deb9u1_armhf.deb
Debian9i386postgresql-plpython3-9.6< 9.6.6-0+deb9u1postgresql-plpython3-9.6_9.6.6-0+deb9u1_i386.deb
Debian9ppc64postgresql-plpython3-9.6< 9.6.6-0+deb9u1postgresql-plpython3-9.6_9.6.6-0+deb9u1_ppc64.deb
Debian9i386postgresql-client-9.6< 9.6.6-0+deb9u1postgresql-client-9.6_9.6.6-0+deb9u1_i386.deb
Debian9i386postgresql-pltcl-9.6< 9.6.6-0+deb9u1postgresql-pltcl-9.6_9.6.6-0+deb9u1_i386.deb
Debian9amd64libpgtypes3< 9.6.6-0+deb9u1libpgtypes3_9.6.6-0+deb9u1_amd64.deb
Debian9ppc64libpq-dev< 9.6.6-0+deb9u1libpq-dev_9.6.6-0+deb9u1_ppc64.deb
Debian9amd64postgresql-client-9.6< 9.6.6-0+deb9u1postgresql-client-9.6_9.6.6-0+deb9u1_amd64.deb
Rows per page:
1-10 of 2721

Related

nessus 15
archlinux 2
openvas 12
osv 4
ubuntu 1
freebsd 1
mageia 1
kaspersky 1
amazon 2
prion 2
postgresql 2
debiancve 2
veracode 2
cve 2
alpinelinux 2
ubuntucve 2
redhatcve 2
debian 1
suse 1
redhat 2
nessus
nessus
Debian DSA-4028-1 : postgresql-9.6 - security update
2017-11-10 00:00:00
FreeBSD : PostgreSQL vulnerabilities (1f02af5d-c566-11e7-a12d-6cc21735f730)
2017-11-10 00:00:00
SUSE SLED12 / SLES12 Security Update : postgresql96 (SUSE-SU-2017:3391-1)
2017-12-26 00:00:00
archlinux
archlinux
[ASA-201711-18] postgresql-old-upgrade: multiple issues
2017-11-10 00:00:00
[ASA-201711-17] postgresql: multiple issues
2017-11-10 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:3391-1)
2021-04-19 00:00:00
Debian: Security Advisory (DSA-4028-1)
2017-11-08 00:00:00
Ubuntu: Security Advisory (USN-3479-1)
2017-11-15 00:00:00
osv
osv
postgresql-9.6 - security update
2017-11-09 00:00:00
CVE-2017-15099
2017-11-22 18:29:00
CVE-2017-15098
2017-11-22 17:29:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2017-11-14 00:00:00
freebsd
freebsd
PostgreSQL vulnerabilities
2017-10-10 00:00:00
mageia
mageia
Updated postgresql packages fix security vulnerabilities
2017-11-29 21:52:42
kaspersky
kaspersky
KLA11147 Multiple vulnerabilities in PostgreSQL
2017-11-09 00:00:00
amazon
amazon
Medium: postgresql95, postgresql96
2017-12-05 22:18:00
Medium: postgresql92, postgresql93, postgresql94
2017-12-05 22:19:00
prion
prion
Privilege escalation
2017-11-22 18:29:00
Design/Logic Flaw
2017-11-22 17:29:00
postgresql
postgresql
Vulnerability in core server (CVE-2017-15099)
2017-11-22 18:29:00
Vulnerability in core server (CVE-2017-15098)
2017-11-22 17:29:00
debiancve
debiancve
CVE-2017-15099
2017-11-22 18:29:00
CVE-2017-15098
2017-11-22 17:29:00
veracode
veracode
Privilege Escalation
2019-05-16 03:23:26
Denial Of Service (DoS)
2019-01-15 09:24:40
cve
cve
CVE-2017-15099
2017-11-22 18:29:00
CVE-2017-15098
2017-11-22 17:29:00
alpinelinux
alpinelinux
CVE-2017-15099
2017-11-22 18:29:00
CVE-2017-15098
2017-11-22 17:29:00
ubuntucve
ubuntucve
CVE-2017-15098
2017-11-09 00:00:00
CVE-2017-15099
2017-11-09 00:00:00
redhatcve
redhatcve
CVE-2017-15098
2019-10-08 04:03:14
CVE-2017-15099
2017-11-13 10:19:33
debian
debian
[SECURITY] [DSA 4027-1] postgresql-9.4 security update
2017-11-09 21:36:41
suse
suse
Security update for postgresql95 (important)
2018-02-23 00:08:24
redhat
redhat
(RHSA-2018:2511) Important: rh-postgresql95-postgresql security update
2018-08-20 10:27:16
(RHSA-2018:2566) Important: rh-postgresql96-postgresql security update
2018-08-27 07:54:53

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

65.1%

JSON
Related for DEBIAN:DSA-4028-1:3DEDD
nessus15archlinux2openvas12osv4ubuntu1freebsd1mageia1kaspersky1amazon2prion2postgresql2debiancve2veracode2cve2alpinelinux2ubuntucve2redhatcve2debian1suse1redhat2