Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2019-0189)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2019.0189

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2019-0189)

Resumen: The remote host is missing an update for the 'postgresql9.4, postgresql9.6' package(s) announced via the MGASA-2019-0189 advisory.

Descripción: Summary:
The remote host is missing an update for the 'postgresql9.4, postgresql9.6' package(s) announced via the MGASA-2019-0189 advisory.

Vulnerability Insight:
Updated postgresql packages fix security vulnerabilities

CVE-2019-10129: Memory disclosure in partition routing
Prior to this release, a user running PostgreSQL 11 can read arbitrary
bytes of server memory by executing a purpose-crafted INSERT statement
to a partitioned table.

CVE-2019-10130: Selectivity estimators bypass row security policies
PostgreSQL maintains statistics for tables by sampling data available in
columns, this data is consulted during the query planning process. Prior
to this release, a user able to execute SQL queries with permissions to
read a given column could craft a leaky operator that could read whatever
data had been sampled from that column. If this happened to include values
from rows that the user is forbidden to see by a row security policy, the
user could effectively bypass the policy. This is fixed by only allowing
a non-leakproof operator to use this data if there are no relevant row
security policies for the table.

Affected Software/OS:
'postgresql9.4, postgresql9.6' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-10129
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129
https://security.gentoo.org/glsa/202003-03
https://www.postgresql.org/about/news/1939/
Common Vulnerability Exposure (CVE) ID: CVE-2019-10130
SuSE Security Announcement: openSUSE-SU-2020:1227 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0189
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0189)
Resumen:	The remote host is missing an update for the 'postgresql9.4, postgresql9.6' package(s) announced via the MGASA-2019-0189 advisory.
Descripción:	Summary: The remote host is missing an update for the 'postgresql9.4, postgresql9.6' package(s) announced via the MGASA-2019-0189 advisory. Vulnerability Insight: Updated postgresql packages fix security vulnerabilities CVE-2019-10129: Memory disclosure in partition routing Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table. CVE-2019-10130: Selectivity estimators bypass row security policies PostgreSQL maintains statistics for tables by sampling data available in columns, this data is consulted during the query planning process. Prior to this release, a user able to execute SQL queries with permissions to read a given column could craft a leaky operator that could read whatever data had been sampled from that column. If this happened to include values from rows that the user is forbidden to see by a row security policy, the user could effectively bypass the policy. This is fixed by only allowing a non-leakproof operator to use this data if there are no relevant row security policies for the table. Affected Software/OS: 'postgresql9.4, postgresql9.6' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-10129 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129 https://security.gentoo.org/glsa/202003-03 https://www.postgresql.org/about/news/1939/ Common Vulnerability Exposure (CVE) ID: CVE-2019-10130 SuSE Security Announcement: openSUSE-SU-2020:1227 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
Copyright	Copyright (C) 2022 Greenbone AG