Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2019-0225)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2019.0225

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2019-0225)

Resumen: The remote host is missing an update for the 'postgresql9.4, postgresql9.6, postgresql11' package(s) announced via the MGASA-2019-0225 advisory.

Descripción: Summary:
The remote host is missing an update for the 'postgresql9.4, postgresql9.6, postgresql11' package(s) announced via the MGASA-2019-0225 advisory.

Vulnerability Insight:
Updated postgresql packages fix security vulnerabilities:

Given a suitable SECURITY DEFINER function, an attacker can execute
arbitrary SQL under the identity of the function owner. An attack requires
EXECUTE permission on the function, which must itself contain a function
call having inexact argument type match. For example, length('foo'::varchar)
and length('foo') are inexact, while length('foo'::text) is exact
(CVE-2019-10208).

In a database containing hypothetical, user-defined hash equality operators,
an attacker could read arbitrary bytes of server memory. For an attack to
become possible, a superuser would need to create unusual operators. It is
possible for operators not purpose-crafted for attack to have the properties
that enable an attack, but we are not aware of specific examples
(CVE-2019-10209).

This update also fixes over 40 bugs that were reported in the last several
months. See the upstream release notes for details.

Affected Software/OS:
'postgresql9.4, postgresql9.6, postgresql11' package(s) on Mageia 6, Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-10208
https://www.postgresql.org/about/news/1960/
SuSE Security Announcement: openSUSE-SU-2020:1227 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-10209

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0225
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0225)
Resumen:	The remote host is missing an update for the 'postgresql9.4, postgresql9.6, postgresql11' package(s) announced via the MGASA-2019-0225 advisory.
Descripción:	Summary: The remote host is missing an update for the 'postgresql9.4, postgresql9.6, postgresql11' package(s) announced via the MGASA-2019-0225 advisory. Vulnerability Insight: Updated postgresql packages fix security vulnerabilities: Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact argument type match. For example, length('foo'::varchar) and length('foo') are inexact, while length('foo'::text) is exact (CVE-2019-10208). In a database containing hypothetical, user-defined hash equality operators, an attacker could read arbitrary bytes of server memory. For an attack to become possible, a superuser would need to create unusual operators. It is possible for operators not purpose-crafted for attack to have the properties that enable an attack, but we are not aware of specific examples (CVE-2019-10209). This update also fixes over 40 bugs that were reported in the last several months. See the upstream release notes for details. Affected Software/OS: 'postgresql9.4, postgresql9.6, postgresql11' package(s) on Mageia 6, Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-10208 https://www.postgresql.org/about/news/1960/ SuSE Security Announcement: openSUSE-SU-2020:1227 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html Common Vulnerability Exposure (CVE) ID: CVE-2019-10209
Copyright	Copyright (C) 2022 Greenbone AG