drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in PostgreSQL
Name: |
Zwei Probleme in PostgreSQL |
|
ID: |
USN-3744-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS |
|
Datum: |
Do, 16. August 2018, 17:19 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10915
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10925 |
|
Applikationen: |
PostgreSQL |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============9215472945567343052== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="hMjEcHzareA4PbbJ0jOZ178mmDOnn5M4B"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --hMjEcHzareA4PbbJ0jOZ178mmDOnn5M4B Content-Type: multipart/mixed; boundary="FTZ5eiguhezqE3vKyoU0jIgV1hde2k6js"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <4f2070db-f632-2398-79ad-2ff5a5205865@canonical.com> Subject: [USN-3744-1] PostgreSQL vulnerabilities
--FTZ5eiguhezqE3vKyoU0jIgV1hde2k6js Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3744-1 August 16, 2018
postgresql-10, postgresql-9.3, postgresql-9.5 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in PostgreSQL.
Software Description: - postgresql-10: object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database
Details:
Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-10915)
It was discovered that PostgreSQL incorrectly checked authorization on certain statements. A remote attacker could possibly use this issue to read arbitrary server memory or alter certain data. (CVE-2018-10925)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: postgresql-10 10.5-0ubuntu0.18.04
Ubuntu 16.04 LTS: postgresql-9.5 9.5.14-0ubuntu0.16.04
Ubuntu 14.04 LTS: postgresql-9.3 9.3.24-0ubuntu0.14.04
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes.
References: https://usn.ubuntu.com/usn/usn-3744-1 CVE-2018-10915, CVE-2018-10925
Package Information: https://launchpad.net/ubuntu/+source/postgresql-10/10.5-0ubuntu0.18.04 https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.14-0ubuntu0.16.04 https://launchpad.net/ubuntu/+source/postgresql-9.3/9.3.24-0ubuntu0.14.04
--FTZ5eiguhezqE3vKyoU0jIgV1hde2k6js--
--hMjEcHzareA4PbbJ0jOZ178mmDOnn5M4B Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIyBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlt1i1UACgkQZWnYVadE vpPIwQ/4rmtcttavTUo2gbUNQylZWlXtKwNMwK2YfbUMdZQewG+FmUjqftkt6fOH ZXok4KcwP4RUbvnrvUmOwSMpl/Xr4RZtO6rVypSrjcHL6OBuNRuqNAbd0kk5b5GG xy43M9QT2WFS8PQ4Jpv8jugmAjI/l9RM885N0BDLBl++4sYOwh+65gIN+VxpIRoo vtq5saPQYsg+qchlz1BPxfFkEgY+WHEes7+oDE0x1SipXq2FJGW0EWIiU/lpA509 xt94Li8JkFgE8R3XMQXOwXAwqzl6ZIEib0rFzTXIuU83sddsIa5BNRMXFOxnHKFT R3q/MZ+Krw3DQRI2RkGG6KeakXzRCjF2w3IxbJ4EzIKyOTR7zTE2rGwsHRlgYBpZ FhjeVBBto8BVzrC2m5ZnQeV9nc6tOW8I20O1IJ+Bjbu/CEfO9/G154xP92XswNjy q6lR6afK+JcwvJFvghVHwvXP1o1Bhr1Wwa7EpWR9I01JQ/a/Y1UX2ST3ayuWklMp F1YVhlBK6iqM87sEZ+41Z/CfOao1tEHHSva4+67aJ1xVkWId1n7BXyB4XT4bB30I 3AT/UdmvIMRFE3TFulKoNVN6GicvQwWY2xS1Kurs6kMX+FNxeZrmG8jzVfkrOb/L M/gjhF3p8lUaxxrlEa6Js5aVdQzvYBnst1URWx2zB1pcHFfu4w== =s+j8 -----END PGP SIGNATURE-----
--hMjEcHzareA4PbbJ0jOZ178mmDOnn5M4B--
--===============9215472945567343052== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============9215472945567343052==--
|
|
|
|