Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2019-0189)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2019.0189

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2019-0189)

Zusammenfassung: The remote host is missing an update for the 'postgresql9.4, postgresql9.6' package(s) announced via the MGASA-2019-0189 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'postgresql9.4, postgresql9.6' package(s) announced via the MGASA-2019-0189 advisory.

Vulnerability Insight:
Updated postgresql packages fix security vulnerabilities

CVE-2019-10129: Memory disclosure in partition routing
Prior to this release, a user running PostgreSQL 11 can read arbitrary
bytes of server memory by executing a purpose-crafted INSERT statement
to a partitioned table.

CVE-2019-10130: Selectivity estimators bypass row security policies
PostgreSQL maintains statistics for tables by sampling data available in
columns, this data is consulted during the query planning process. Prior
to this release, a user able to execute SQL queries with permissions to
read a given column could craft a leaky operator that could read whatever
data had been sampled from that column. If this happened to include values
from rows that the user is forbidden to see by a row security policy, the
user could effectively bypass the policy. This is fixed by only allowing
a non-leakproof operator to use this data if there are no relevant row
security policies for the table.

Affected Software/OS:
'postgresql9.4, postgresql9.6' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2019-10129
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129
https://security.gentoo.org/glsa/202003-03
https://www.postgresql.org/about/news/1939/
Common Vulnerability Exposure (CVE) ID: CVE-2019-10130
SuSE Security Announcement: openSUSE-SU-2020:1227 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2019.0189
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2019-0189)
Zusammenfassung:	The remote host is missing an update for the 'postgresql9.4, postgresql9.6' package(s) announced via the MGASA-2019-0189 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'postgresql9.4, postgresql9.6' package(s) announced via the MGASA-2019-0189 advisory. Vulnerability Insight: Updated postgresql packages fix security vulnerabilities CVE-2019-10129: Memory disclosure in partition routing Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table. CVE-2019-10130: Selectivity estimators bypass row security policies PostgreSQL maintains statistics for tables by sampling data available in columns, this data is consulted during the query planning process. Prior to this release, a user able to execute SQL queries with permissions to read a given column could craft a leaky operator that could read whatever data had been sampled from that column. If this happened to include values from rows that the user is forbidden to see by a row security policy, the user could effectively bypass the policy. This is fixed by only allowing a non-leakproof operator to use this data if there are no relevant row security policies for the table. Affected Software/OS: 'postgresql9.4, postgresql9.6' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-10129 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129 https://security.gentoo.org/glsa/202003-03 https://www.postgresql.org/about/news/1939/ Common Vulnerability Exposure (CVE) ID: CVE-2019-10130 SuSE Security Announcement: openSUSE-SU-2020:1227 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
Copyright	Copyright (C) 2022 Greenbone AG