Gentoo Linux Security Advisory 201710-6 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in privilege escalation. Versions less than 9.6.4 are affected.
165974e03a3e00d2c81ef01f248a41fb00e38c546ce5bffa02f387a6a880db6aRed Hat Security Advisory 2017-2425-01 - PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: rh-postgresql95-postgresql. Security Fix: A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.
ca8ad47d3f723a61273cac1700b53c8711537097c80d0745760b2136039712beRed Hat Security Advisory 2017-1838-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access.
b8da1a65f0ca936bedb76c56b840e6863ef2bc0aa2a3073a608795956545a09aRed Hat Security Advisory 2017-1678-01 - PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: rh-postgresql94-postgresql. Security Fix: It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access.
92dc2804c54c12caa0fcc7c0463d985618fd0263c14dbf07a2a9d646635de31cRed Hat Security Advisory 2017-1677-01 - PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: rh-postgresql95-postgresql. Security Fix: It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access.
6a2a2bbb20f6e4a8d8c3e38008887bf59099e8071cb8e8af51234ac3b21fa488
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed