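PostgreSQL 8.x/9.x multiple security vulnerabilities
CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 PostgreSQL is an object-relational database management system that supports an extended subset of the SQL standard. PostgreSQL contains multiple security vulnerabilities that allow malicious users to bypass certain security restrictions, conduct spoofing attacks, or manipulate certain data. - CREATE TRIGGER does not perform a correct permission check on the trigger function; this vulnerability can be exploited to mark the trigger function as SECURITY DEFINER and grant EXECUTE permission - When verifying the common name of an SSL certificate, the name is incorrectly truncated to 32 characters, which can lead to incorrect validation of forged certificates...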
BSA-005 Security Update for postgresql-8.4
Gerfried Fuchs uploaded new packages for postgresql-8.4 which fixed the following security problem: CVE-2010-3433 The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before...
[Backports-security-announce] Security Update for postgresql-8.4
Gerfried Fuchs uploaded new packages for postgresql-8.4 which fixed the following security problems: CVE-2010-1169 PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict...
SLES10: Security update for PostgreSQL
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: postgresql postgresql-contrib postgresql-devel postgresql-docs postgresql-libs postgresql-pl postgresql-server More details may also be found by searching fo...
SLES9: Security update for PostgreSQL
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: postgresql-libs postgresql-pl postgresql-devel postgresql-docs postgresql postgresql-server postgresql-contrib For more information, please visit the...
[SECURITY] [DSA 1460-1] New postgresql-8.1 packages fix several vulnerabilities
Debian Security Advisory DSA-1460-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 13, 2008 http://www.debian.org/security/faq ...
Mandrake Linux Security Advisory : postgresql (MDKSA-2007:094)
A weakness in previous versions of PostgreSQL was found in the security definer functions in which an authenticated but otherwise unprivileged SQL user could use temporary objects to execute arbitrary code with the privileges of the security-definer function. IMPORTANT NOTICE FOR CORPORATE...
Fedora Core 5 : postgresql-8.1.4-1.FC5.1 (2006-578)
Mon May 22 2006 Tom Lane 8.1.4-1.FC5.1 - Update to PostgreSQL 8.1.4 includes fixes for CVE-2006-2313, CVE-2006-2314; see bug 192173 - Update to PyGreSQL 3.8 - Update to jdbc driver build 406 - Suppress noise from chcon, per bug 187744 Note that Tenable Network Security has extracted the preceding...
CVE-2005-0244
PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command...
PostgreSQL 8.01 - Remote Reboot (Denial of Service)
/ PostgreSQL Remote Reboot include include include include include define DEFAULTPORT "5321" define DEFAULTDB "postgresql" define FUNCNAME "uKttest" define TABLENAME "unl0cktable" char str4000; char create="CREATE OR REPLACE FUNCTION %s RETURNS integer AS $$\n"; char declare = "DECLARE\n"; char c...
Important: Red Hat Security Advisory: postgresql security update
Updated PostgreSQL packages to fix various security flaws are now available for Red Hat Enterprise Linux 2.1AS. This update has been rated as having important security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). A flaw...
RHEL 2.1 : postgresql (RHSA-2005:150)
Updated PostgreSQL packages to fix various security flaws are now available for Red Hat Enterprise Linux 2.1AS. This update has been rated as having important security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). A flaw...
Important: Red Hat Security Advisory: postgresql security update
Updated postgresql packages that correct various security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. A flaw in the LOAD command in PostgreSQL was discovered. A local user could use...
RHEL 3 : rh-postgresql (RHSA-2005:141)
Updated PostgreSQL packages to fix various security flaws are now available for Red Hat Enterprise Linux 3. PostgreSQL is an advanced Object-Relational database management system (DBMS). A flaw in the LOAD command in PostgreSQL was discovered. A local user could use this flaw to load arbitrary shar...
CVE-2005-0246
The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service crash via crafted arrays...
CVE-2005-0227
PostgreSQL pgsql 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension...
[SECURITY] [DSA 667-1] New PostgreSQL packages fix arbitrary library loading
Debian Security Advisory DSA 667-1 [email protected] http://www.debian.org/security/ Martin Schulze February 4th, 2005 http://www.debian.org/security/faq ...
Low: Red Hat Security Advisory: rh-postgresql security update
Updated rh-postgresql packages that fix various bugs are now available. PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs including transactions, subselects, and user-defined types and functions. Trustix has identified improper...
CVE-2003-0901
Buffer overflow in toascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4, allows remote attackers to execute arbitrary code...
teapop SQL injection
SQL injection is possible during authentication if postgresql or mysql is used...