pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
418afa96df
vuln-list-alt/oval/p11/ALT-PU-2019-1788/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

123 lines
4.8 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20191788",
"Version": "oval:org.altlinux.errata:def:20191788",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-1788: package `postgresql10` update to version 10.8-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-1788",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-1788",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-04641",
"RefURL": "https://bdu.fstec.ru/vul/2019-04641",
"Source": "BDU"
},
{
"RefID": "CVE-2019-10130",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-10130",
"Source": "CVE"
}
],
"Description": "This update upgrades postgresql10 to version 10.8-alt1. \nSecurity Fix(es):\n\n * BDU:2019-04641: Уязвимость системы управления базами данных PostgreSQL, связанная с некорректным контролем доступа, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * CVE-2019-10130: A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-05-09"
},
"Updated": {
"Date": "2019-05-09"
},
"BDUs": [
{
"ID": "BDU:2019-04641",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-284",
"Href": "https://bdu.fstec.ru/vul/2019-04641",
"Impact": "Low",
"Public": "20190730"
}
],
"CVEs": [
{
"ID": "CVE-2019-10130",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-284",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-10130",
"Impact": "Low",
"Public": "20190730"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20191788001",
"Comment": "postgresql10 is earlier than 0:10.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191788002",
"Comment": "postgresql10-contrib is earlier than 0:10.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191788003",
"Comment": "postgresql10-docs is earlier than 0:10.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191788004",
"Comment": "postgresql10-perl is earlier than 0:10.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191788005",
"Comment": "postgresql10-python is earlier than 0:10.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191788006",
"Comment": "postgresql10-server is earlier than 0:10.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191788007",
"Comment": "postgresql10-tcl is earlier than 0:10.8-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink