drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in PostgreSQL
Name: |
Zwei Probleme in PostgreSQL |
|
ID: |
USN-4090-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 19.04 |
|
Datum: |
Fr, 9. August 2019, 13:29 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10209 |
|
Applikationen: |
PostgreSQL |
|
Originalnachricht |
--===============1082489700797136395== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="0F1p//8PRICkK4MW" Content-Disposition: inline
--0F1p//8PRICkK4MW Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-4090-1 August 09, 2019
postgresql-10, postgresql-11, postgresql-9.5 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in PostgreSQL.
Software Description: - postgresql-11: Object-relational SQL database - postgresql-10: Object-relational SQL database - postgresql-9.5: Object-relational SQL database
Details:
Tom Lane discovered that PostgreSQL did not properly restrict functions declared as "SECURITY DEFINER". An attacker could use this to execute arbitrary SQL with the permissions of the function owner. (CVE-2019-10208)
Andreas Seltenreich discovered that PostgreSQL did not properly handle user-defined hash equality operators. An attacker could use this to expose sensitive information (arbitrary PostgreSQL server memory). This issue only affected Ubuntu 19.04. (CVE-2019-10209)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.04: postgresql-11 11.5-0ubuntu0.19.04.1
Ubuntu 18.04 LTS: postgresql-10 10.10-0ubuntu0.18.04.1
Ubuntu 16.04 LTS: postgresql-9.5 9.5.19-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes.
References: https://usn.ubuntu.com/4090-1 CVE-2019-10208, CVE-2019-10209
Package Information: https://launchpad.net/ubuntu/+source/postgresql-11/11.5-0ubuntu0.19.04.1 https://launchpad.net/ubuntu/+source/postgresql-10/10.10-0ubuntu0.18.04.1 https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.19-0ubuntu0.16.04.1
--0F1p//8PRICkK4MW Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl1MvSYACgkQLwmejQBe gfQ+Jg/9HuD6k942zijq70U15qjPLPhriOPmfLkldbd8UwSlWyZcUhwsKr+JPQaw LVGO1XguCey0BXI3ik2V6rEKN328N8J5OFu9VB4hVXLWEsd6sM0Hba0IJndFPE5k oAYyAYFReZa+6N8ZGgXICj+/wT+bVDc1zzQ4uU3c3ewGnAiIuRsD15sBPsPg4bJ1 symKzvad+3MocB2w1OfLgojVfkRs67AkEoX4NpQvr72KfZWSCSIunDEYrmztvCQ7 Pa8UO/zKxX4AEVMkq4zNiBUcH9p+6+RltyjCyFEowqx+2EHnwH377xwbQ5wSFopz ZmbNxe59Oeoi/sJAmqG+oWaGDi4HaeIHE9pC2YAp9a/VRYK6bm7VWKUxiwLJs/+u EhsYsTY12PaugaXO4obQ/Vd5WHXGLwsugjysQ+IXra8G2ZVjIDpS04KWHOGwyZ7z RCIn7mIIF/1VSOZq86dW0+LAYgAjYr1uUaXf324VREO7AWHA5rnLfL4wyFOuXkl2 lMUKClO9h6t63lpB/+xU9gofn4b0OSPlTdHNT232v23+WqZ1XxJ2UY50eMg85IOu LL+Ye/LnoqL4GGtVePJhKfHC9/ES1QWz1uG8OUivOKPuoAXOAvdj984hcx3E6ZNX RoG1Q+KvZZQDJ9yVVobnigbKQJSVzrEfKXeSggXsQ7PTjCT3hMo= =TjW8 -----END PGP SIGNATURE-----
--0F1p//8PRICkK4MW--
--===============1082489700797136395== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|