262 matches found
OPENSUSE-SU-2019:2685-1 Security update for postgresql
This update for postgresql fixes the following issues: - Changed permissions, so that the directory can only be used by users in the postgres group bsc1123886. - Moved bash profile out of /var/lib to allow transactional updates bsc1100397. This update was imported from the SUSE:SLE-15:Update upda...
SUSE-SU-2019:3212-1 Security update for postgresql
This update for postgresql fixes the following issues: - Changed permissions, so that the directory can only be used by users in the postgres group bsc1123886. - Moved bash profile out of /var/lib to allow transactional updates bsc1100397...
DLA-1994-1 postgresql-common - security update
Bulletin has no description...
CVE-2019-10209
Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan...
SUSE-SU-2019:1783-2 Security update for postgresql10
This update for postgresql10 to version 10.9 fixes the following issue: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing bsc1138034. More information at https://www.postgresql.org/docs/10/release-10-9.html...
SUSE-SU-2019:2012-1 Security update for postgresql10
This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing bsc1138034. - CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators bsc1134689. Bug fixes: ...
MGASA-2019-0204 Updated postgresql11 packages fix security vulnerabilities
An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL operating system account. Additionally...
CVE-2017-18359
PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted STAsX3D function input, as demonstrated by an abnormal server termination for "SELECT STAsX3D'LINESTRING EMPTY';" because empty geometries are mishandled...
Security update for postgresql10 (moderate)
This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2018-16850: Fixed improper quoting of transition table names when pgdump emits CREATE TRIGGER could have caused privilege escalation bsc1114837. Non-security issues fixed: - Update to release 10.6:...
SUSE-SU-2018:3909-1 Security update for postgresql94
This update for postgresql94 to 9.4.19 fixes the following security issue: - CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could have...
MGASA-2018-0137 Updated postgresql packages fix security vulnerability
In postgresql 9.4.x before 9.4.16 and 9.6.x before 9.6.7, pgupgrade creates file in current working directory containing the output of pgdumpall -g under umask which was in effect when the user invoked pgupgrade, and not under 0077 which is normally used for other temporary files. This can allow ...
SUSE-SU-2018:0506-1 Security update for postgresql94
This update for postgresql94 fixes the following issues: PostgreSQL was updated to version 9.4.16, full release notes: https://www.postgresql.org/docs/9.4/static/release-9-4-16.html Security issues fixed: - CVE-2018-1053: Ensure that all temporary files made by pgupgrade are non-world-readable...
SUSE-SU-2018:0507-1 Security update for postgresql96
This update for postgresql96 to version 9.6.7 fixes the following issues: - CVE-2018-1053: Ensure that all temporary files made by pgupgrade are non-world-readable. bsc1077983 A full changelog is available here: https://www.postgresql.org/docs/9.6/static/release-9-6-7.html...
SUSE-SU-2017:3391-1 Security update for postgresql96
This update for postgresql96 fixes the following issues: Security issues fixed: - CVE-2017-15098: Fix crash due to rowtype mismatch in jsonbpopulaterecordset bsc1067844. - CVE-2017-15099: Ensure that INSERT ... ON CONFLICT DO UPDATE checks table permissions and RLS policies in all cases bsc106784...
PostgreSQL Security Bypass Vulnerability (Dec 2017) - Linux
PostgreSQL is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql";...
MGASA-2017-0428 Updated postgresql packages fix security vulnerabilities
The startup log file for the postmaster in newer releases, "postgres" process was opened while the process was still owned by root. With this setup, the database owner could specify a file that they did not have access to and cause the file to be corrupted with logged data CVE-2017-12172. Crash d...
CVE-2017-12172
Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine...
MGASA-2017-0316 Updated postgresql9.3/4/6 packages fix security vulnerabilities
libpq, and by extension any connection driver that utilizes libpq, ignores empty passwords and does not transmit them to the server. When using libpq or a libpq-based connection driver to perform password-based authentication methods, it would appear that setting an empty password would be the...
Updated postgresql9.4 packages fix security vulnerabilities
Robert Haas discovered that some selectivity estimators did not validate user privileges which could result in information disclosure CVE-2017-7484. Daniel Gustafsson discovered that the PGREQUIRESSL environment variable did no longer enforce a TLS connection CVE-2017-7485. Andrew Wheelwright...
openSUSE Security Update : postgresql93 (openSUSE-2016-1140)
The postgresql server postgresql93 was updated to 9.3.14 fixes the following issues : Update to version 9.3.14 : - Fix possible mis-evaluation of nested CASE-WHEN expressions CVE-2016-5423, boo993454 - Fix client programs' handling of special characters in database and role names CVE-2016-5424,...