Executive Summary

Summary
Titlepostgresql-9.6 security update
Informations
NameDSA-4269First vendor Publication2018-08-10
VendorDebianLast vendor Modification2018-08-10
Severity (Vendor) N/ARevision1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Cvss Base Score6Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score6.8AuthenticationRequires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Two vulnerabilities have been found in the PostgreSQL database system:

CVE-2018-10915

Andrew Krasichkov discovered that libpq did not reset all its connection state during reconnects.

CVE-2018-10925

It was discovered that some "CREATE TABLE" statements could disclose server memory.

For additional information please refer to the upstream announcement at https://www.postgresql.org/about/news/1878/

For the stable distribution (stretch), these problems have been fixed in version 9.6.10-0+deb9u1.

We recommend that you upgrade your postgresql-9.6 packages.

For the detailed security status of postgresql-9.6 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/postgresql-9.6

Original Source

Url : http://www.debian.org/security/2018/dsa-4269

CWE : Common Weakness Enumeration

%idName
50 %CWE-285Improper Access Control (Authorization)
50 %CWE-20Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application72
Application2
Application1
Os3
Os2
Os1
Os1
Os1
Os1

Nessus® Vulnerability Scanner

DateDescription
2019-01-03Name : The remote Fedora host is missing a security update.
File : fedora_2018-5d1f7bd2d7.nasl - Type : ACT_GATHER_INFO
2018-12-07Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1117.nasl - Type : ACT_GATHER_INFO
2018-12-07Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1118.nasl - Type : ACT_GATHER_INFO
2018-12-07Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1119.nasl - Type : ACT_GATHER_INFO
2018-10-31Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201810-08.nasl - Type : ACT_GATHER_INFO
2018-09-27Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2018-1311.nasl - Type : ACT_GATHER_INFO
2018-09-27Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2018-1312.nasl - Type : ACT_GATHER_INFO
2018-09-27Name : The remote Amazon Linux 2 host is missing a security update.
File : al2_ALAS-2018-1080.nasl - Type : ACT_GATHER_INFO
2018-09-20Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1079.nasl - Type : ACT_GATHER_INFO
2018-09-20Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1080.nasl - Type : ACT_GATHER_INFO
2018-09-07Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1074.nasl - Type : ACT_GATHER_INFO
2018-08-31Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2018-1_0-0178.nasl - Type : ACT_GATHER_INFO
2018-08-31Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2018-2_0-0087.nasl - Type : ACT_GATHER_INFO
2018-08-29Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-2557.nasl - Type : ACT_GATHER_INFO
2018-08-16Name : The remote Debian host is missing a security update.
File : debian_DLA-1464.nasl - Type : ACT_GATHER_INFO
2018-08-16Name : The remote Fedora host is missing a security update.
File : fedora_2018-d8f5aea89d.nasl - Type : ACT_GATHER_INFO
2018-08-13Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4269.nasl - Type : ACT_GATHER_INFO
2018-08-13Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_96eab8749c7911e8b34b6cc21735f730.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2018-10-10 00:22:10
  • Multiple Updates
2018-08-11 00:18:30
  • First insertion