drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in PostgreSQL
Name: |
Preisgabe von Informationen in PostgreSQL |
|
ID: |
USN-3564-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.10 |
|
Datum: |
Sa, 10. Februar 2018, 10:40 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1053 |
|
Applikationen: |
PostgreSQL |
|
Originalnachricht |
--===============7348960617380109142== Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-zTOMpVcOdpO8uCkzM32+"
--=-zTOMpVcOdpO8uCkzM32+ Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3564-1 February 09, 2018
postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
PostgreSQL could be made to expose sensitive information.
Software Description: - postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database
Details:
It was discovered that PostgreSQL incorrectly handled certain temp files. An attacker could possibly use this to access sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.10: postgresql-9.6 9.6.7-0ubuntu0.17.10
Ubuntu 16.04 LTS: postgresql-9.5 9.5.11-0ubuntu0.16.04
Ubuntu 14.04 LTS: postgresql-9.3 9.3.21-0ubuntu0.14.04
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3564-1 CVE-2018-1053
Package Information: https://launchpad.net/ubuntu/+source/postgresql-9.6/9.6.7-0ubuntu0.17.10 https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.11-0ubuntu0.16.04 https://launchpad.net/ubuntu/+source/postgresql-9.3/9.3.21-0ubuntu0.14.04 --=-zTOMpVcOdpO8uCkzM32+ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAABCAAGBQJafcL1AAoJEEW851uECx9pPkkP/27el5XNkl/75UYy2icfVZvq stutp7Fh3cgyRuEHXRnHE+vx1WDGWhZU1FlHDsBJNHD2KBEj0eg5/tQ8NWCKOmjj 7zgvRFALNn5zQI3Hei4FIH712ji3Hy6oWi/ifwYDWfSpaI4a7Plf8UiC59oChJAo KyXaabLg/apcPzOi6dtf0sjDa54O7kczJqx6JpW/0aCGgNJUfISe7PcqxxJcvULa ChGwRRSw576WyxQi7817wIAFFHdzJQWH/4SAOvPCfUrBENJE3b3VxhdOEL9irilq nktXehlEUtWyA4qzqGgzfvb7mYrm4kfbeBaQTm0mo41JMgDyjAUVwQlak6bu4C6W 07T5vby3sfm0rF5SeFylZVLB8erK77o15WqC4os4x2k+1sVt1JaC67wqtjZ+LuZa vtqVn0cAcL0ebqjMLnVVf/xlD27yJTUiVHsJO7qnv5E5igFZel45+ScGiWB/7AUi HTgHOnCB0nTfpgR9YyO4dLqsUyhT+Jrunh14MP0XN0fFZpF7bQt/glptU0uSL0Ie rGVQYyRVyZj8P0ZdOwPrib00rW9IOVBlR3fkIz0coaLgk3mh4W9Fl9r9KmDdiAuR 2QFvbJQWeUzyTIL8fcZeDKR92JB70K+j08uNSem6zvhV8zeuhCAHgNvp4WvK8m/c tUyy5Bq9cMhvifodd8jk =XP8v -----END PGP SIGNATURE-----
--=-zTOMpVcOdpO8uCkzM32+--
--===============7348960617380109142== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============7348960617380109142==--
|
|
|
|