EUVD-2018-11759

Malware in sbrugna...

CVE-2018-1115

It was found that pgcatalog.pglogfilerotate, from the adminpack extension, did not follow the same ACLs than pgroratelogfile. If the adminpack is added to a database, an attacker able to connect to it could use this flaw to force log rotation...

openSUSE Security Update : postgresql10 (openSUSE-2019-659)

This update for postgresql10 fixes the following issues : PostgreSQL 10 was updated to 10.5 : - https://www.postgresql.org/about/news/1851/ - https://www.postgresql.org/docs/current/static/release-10-5.html A dump/restore is not required for those running 10.X. However, if you use the adminpack...

Amazon Linux AMI : postgresql96 (ALAS-2018-1119)

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...

Important: postgresql96

Issue Overview: A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could...

openSUSE Security Update : postgresql10 (openSUSE-2018-955)

This update for postgresql10 fixes the following issues : PostgreSQL 10 was updated to 10.5 : - https://www.postgresql.org/about/news/1851/ - https://www.postgresql.org/docs/current/static/release-10-5.html A dump/restore is not required for those running 10.X. However, if you use the adminpack...

SUSE-SU-2018:2564-1 Security update for postgresql10

This update for postgresql10 fixes the following issues: PostgreSQL 10 was updated to 10.5: - https://www.postgresql.org/about/news/1851/ - https://www.postgresql.org/docs/current/static/release-10-5.html A dump/restore is not required for those running 10.X. However, if you use the adminpack...

openSUSE Security Update : postgresql96 (openSUSE-2018-638)

PostgreSQL was updated to 9.6.9 fixing bugs and security issues : Release notes : - https://www.postgresql.org/about/news/1851/ - https://www.postgresql.org/docs/current/static/release-9-6-9.html A dump/restore is not required for those running 9.6.X. However, if you use the adminpack extension,...

SUSE-SU-2018:1695-1 Security update for postgresql96

PostgreSQL was updated to 9.6.9 fixing bugs and security issues: Release notes: - https://www.postgresql.org/about/news/1851/ - https://www.postgresql.org/docs/current/static/release-9-6-9.html A dump/restore is not required for those running 9.6.X. However, if you use the adminpack extension, yo...

PostgreSQL logrotate Vulnerability (May 2018) - Linux

PostgreSQL is vulnerable in the adminpack extension, the pgcatalog.pglogfilerotate function doesn SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

CVE-2018-1115

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pgcatalog.pglogfilerotate function doesn't follow the same ACLs than pgroratelogfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation...

CVE-2018-1115

CVE-2018-1115 affects PostgreSQL deployments using the adminpack extension, where pg_catalog.pg_logfile_rotate() does not enforce the same ACLs as pg_rotate_logfile. This could allow an attacker who can connect to a database with adminpack loaded to trigger log rotation, bypassing intended access...