You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa PostgreSQL

Sigurnosni nedostatak programskog paketa PostgreSQL

==========================================================================
Ubuntu Security Notice USN-4027-1
June 20, 2019

postgresql-10, postgresql-11 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.10
– Ubuntu 18.04 LTS

Summary:

PostgreSQL could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
– postgresql-11: Object-relational SQL database
– postgresql-10: Object-relational SQL database

Details:

Alexander Lakhin discovered that PostgreSQL incorrectly handled
authentication. An authenticated attacker or a rogue server could use this
issue to cause PostgreSQL to crash, resulting in a denial of service, or
possibly execute arbitrary code. The default compiler options for affected
releases should reduce the vulnerability to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
postgresql-11 11.4-0ubuntu0.19.04.1

Ubuntu 18.10:
postgresql-10 10.9-0ubuntu0.18.10.1

Ubuntu 18.04 LTS:
postgresql-10 10.9-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.

References:
https://usn.ubuntu.com/4027-1
CVE-2019-10164

Package Information:
https://launchpad.net/ubuntu/+source/postgresql-11/11.4-0ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/postgresql-10/10.9-0ubuntu0.18.10.1
https://launchpad.net/ubuntu/+source/postgresql-10/10.9-0ubuntu0.18.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl0LrewACgkQZWnYVadE
vpMa6g/+OQ6SGa65eVdatcxNS1wNRP3/H9cOcRj8GbCA1u3zamnV3P3onGpAXsrU
NrWpVHxSREiyu9yY4MaDZaxK9faHbe/wfezOWqRNclF5APuxkeK6zwvHoL8CaVwi
DTPhjQTHxiFgIUj+Z5cP7ieCv8JLjtaPvmeA4fmPxVsXgaJX6xOLXyx+LE2pG3+E
snmcfsr27MVkuCFwqnCUQHdfhKWDBG66uGxRiLhr/vt7y0KoVRkT84+whYm7vw32
BAGAOxH9bruA0vD3qX4tjxDirmwEUx468wEmPFz0tvy6PKj1gy7TlztR4l1pvtbm
i82JWyVoTW7i7LSt2K2k3xeXknGIFx7Ghlrq/mphpaxZRtPLwIewjAC2Ig9oINwV
kTcE7H4L3fYLDpaVSYanm0/3pJybcac/okcmQ7DJ7ximMQab8kfXu6zdTzbZsqJk
nrUi1ss1qUeiD6Yt/LUrcWDxX9Vbmc4XADaDehAUtXTz2vzFnF4/Wxalr4XKuu3n
Eei6Q3zOd7YsuRK5FGRkRcoY6vtEDQr3e+tTc8oG/A9zhHzMsH3DQBTAVffjdLRu
5A80Ok4MixccuQf33Z4DwVpp+wJtP/jFydzuwZKV2f+K4wNdZvNEGwzc4Vl2HB5S
WPbVNRBesAJKk0eSg0j57iwgXWeeFoaAweUzCZRaTCQiwlxvKjM=
=PWBA
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak jezgre operacijskog sustava

Otkriven je sigurnosni nedostatak jezgre operacijskog sustava FreeBSD. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja. Savjetuje se ažuriranje izdanim...

Close