KLA11572
Multiple vulnerabilities in PostgreSQL
Updated: 08/10/2019
Detection date
09/05/2019
Threat level
Critical
Description

Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, and obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A vulnerability in PostgreSQL can be exploited via reading the most common values of certain columns to bypass security restrictions;
  2. A vulnerability in PostgreSQL can be exploited via reading arbitrary data directory files to execute arbitrary code;
  3. A vulnerability in PostgreSQL can be exploited via reading arbitrary bytes of server memory to obtain sensitive information.
Affected products

PostgreSQL 11.x earlier than 11.3
PostgreSQL 10.x earlier than 10.8
PostgreSQL 9.6.x earlier than 9.6.13
PostgreSQL 9.5.x earlier than 9.5.17
PostgreSQL 9.4.x earlier than 9.4.22

Solution

Update to the latest version
Download PostgreSQL

Primary source of detection
PostgreSQL 11.3, 10.8, 9.6.13, 9.5.17, and 9.4.22 Released!
Impacts
ACE 

OSI 

SB 
Related products
PostgreSQL
CVE-IDS