rhsa-2018_3816
Vulnerability from csaf_redhat
Published: 2018-12-13 15:15
Modified: 2024-11-14 23:46
Summary: Red Hat Security Advisory: CloudForms 4.6.6 security, bug fix and enhancement update
Notes
Topic
An update is now available for CloudForms Management Engine 5.9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.
Security Fix(es):
* postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915)
* postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements (CVE-2018-10925)
* postgresql: pg_upgrade creates file of sensitive metadata under prevailing umask (CVE-2018-1053)
* postgresql: Uncontrolled search path element in pg_dump and other client applications (CVE-2018-1058)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank the PostgreSQL project for reporting CVE-2018-10915, CVE-2018-10925 and CVE-2018-1053. Upstream acknowledges Andrew Krasichkov as the original reporter of CVE-2018-10915, and Tom Lane as the original reporter of CVE-2018-1053.
Additional Changes:
This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for CloudForms Management Engine 5.9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.\n\nSecurity Fix(es):\n\n* postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915)\n\n* postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements (CVE-2018-10925)\n\n* postgresql: pg_upgrade creates file of sensitive metadata under prevailing umask (CVE-2018-1053)\n\n* postgresql: Uncontrolled search path element in pg_dump and other client applications (CVE-2018-1058)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the PostgreSQL project for reporting CVE-2018-10915, CVE-2018-10925 and CVE-2018-1053. 
Upstream acknowledges Andrew Krasichkov as the original reporter of CVE-2018-10915; and Tom Lane as the original reporter of CVE-2018-1053.\n\nAdditional Changes:\n\nThis update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:3816", "url": "https://access.redhat.com/errata/RHSA-2018:3816" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.6/html/release_notes", "url": "https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.6/html/release_notes" }, { "category": "external", "summary": "1539619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539619" }, { "category": "external", "summary": "1547044", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547044" }, { "category": "external", "summary": "1609891", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1609891" }, { "category": "external", "summary": "1610547", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1610547" }, { "category": "external", "summary": "1612619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1612619" }, { "category": "external", "summary": "1618836", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618836" }, { "category": "external", "summary": "1623562", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1623562" }, { "category": "external", "summary": "1634809", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634809" }, { "category": "external", "summary": "1635034", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1635034" }, { "category": "external", "summary": "1635255", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1635255" }, { "category": "external", "summary": "1635759", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1635759" }, { "category": "external", "summary": "1635788", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1635788" }, { "category": "external", "summary": "1638501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1638501" }, { "category": "external", "summary": "1639351", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1639351" }, { "category": "external", "summary": "1639353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1639353" }, { "category": "external", "summary": "1639364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1639364" }, { "category": "external", "summary": "1640194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640194" }, { "category": "external", "summary": "1640258", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640258" }, { "category": "external", "summary": "1640629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640629" }, { "category": "external", "summary": "1640631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640631" }, { "category": "external", "summary": "1641771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641771" }, { "category": "external", "summary": 
"1643042", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643042" }, { "category": "external", "summary": "1643261", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643261" }, { "category": "external", "summary": "1643263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643263" }, { "category": "external", "summary": "1643539", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643539" }, { "category": "external", "summary": "1643959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643959" }, { "category": "external", "summary": "1644410", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644410" }, { "category": "external", "summary": "1645198", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645198" }, { "category": "external", "summary": "1645204", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645204" }, { "category": "external", "summary": "1646435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646435" }, { "category": "external", "summary": "1646561", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646561" }, { "category": "external", "summary": "1646564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646564" }, { "category": "external", "summary": "1646571", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646571" }, { "category": "external", "summary": "1646599", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646599" }, { "category": "external", "summary": "1646604", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646604" }, { "category": "external", "summary": "1646605", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646605" }, { "category": "external", "summary": "1646606", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646606" }, { "category": "external", "summary": "1646613", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646613" }, { "category": "external", "summary": "1646629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646629" }, { "category": 
"external", "summary": "1646646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646646" }, { "category": "external", "summary": "1647056", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1647056" }, { "category": "external", "summary": "1647108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1647108" }, { "category": "external", "summary": "1647188", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1647188" }, { "category": "external", "summary": "1647489", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1647489" }, { "category": "external", "summary": "1648674", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648674" }, { "category": "external", "summary": "1648948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648948" }, { "category": "external", "summary": "1648955", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648955" }, { "category": "external", "summary": "1648991", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648991" }, { "category": "external", "summary": "1649033", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649033" }, { "category": "external", "summary": "1649380", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649380" }, { "category": "external", "summary": "1649419", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649419" }, { "category": "external", "summary": "1650691", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1650691" }, { "category": "external", "summary": "1651291", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1651291" }, { "category": "external", "summary": "1651347", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1651347" }, { "category": "external", "summary": "1651391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1651391" }, { "category": "external", "summary": "1653417", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1653417" }, { "category": "external", "summary": "1653710", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1653710" 
}, { "category": "external", "summary": "1654436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1654436" }, { "category": "external", "summary": "1654463", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1654463" }, { "category": "external", "summary": "1655081", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1655081" }, { "category": "external", "summary": "1655143", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1655143" }, { "category": "external", "summary": "1655773", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1655773" }, { "category": "external", "summary": "1656168", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656168" }, { "category": "external", "summary": "1656169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656169" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3816.json" } ], "title": "Red Hat Security Advisory: CloudForms 4.6.6 security, bug fix and enhancement update", "tracking": { "current_release_date": "2024-11-14T23:46:37+00:00", "generator": { "date": "2024-11-14T23:46:37+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:3816", "initial_release_date": "2018-12-13T15:15:46+00:00", "revision_history": [ { "date": "2018-12-13T15:15:46+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-12-13T15:15:46+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T23:46:37+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "CloudForms Management Engine 5.9", "product": { "name": "CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7" } } } ], "category": "product_family", "name": 
"Red Hat CloudForms" }, { "branches": [ { "category": "product_version", "name": "postgresql96-contrib-0:9.6.10-1PGDG.el7at.x86_64", "product": { "name": "postgresql96-contrib-0:9.6.10-1PGDG.el7at.x86_64", "product_id": "postgresql96-contrib-0:9.6.10-1PGDG.el7at.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql96-contrib@9.6.10-1PGDG.el7at?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql96-devel-0:9.6.10-1PGDG.el7at.x86_64", "product": { "name": "postgresql96-devel-0:9.6.10-1PGDG.el7at.x86_64", "product_id": "postgresql96-devel-0:9.6.10-1PGDG.el7at.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql96-devel@9.6.10-1PGDG.el7at?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql96-libs-0:9.6.10-1PGDG.el7at.x86_64", "product": { "name": "postgresql96-libs-0:9.6.10-1PGDG.el7at.x86_64", "product_id": "postgresql96-libs-0:9.6.10-1PGDG.el7at.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql96-libs@9.6.10-1PGDG.el7at?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql96-plpython-0:9.6.10-1PGDG.el7at.x86_64", "product": { "name": "postgresql96-plpython-0:9.6.10-1PGDG.el7at.x86_64", "product_id": "postgresql96-plpython-0:9.6.10-1PGDG.el7at.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql96-plpython@9.6.10-1PGDG.el7at?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql96-0:9.6.10-1PGDG.el7at.x86_64", "product": { "name": "postgresql96-0:9.6.10-1PGDG.el7at.x86_64", "product_id": "postgresql96-0:9.6.10-1PGDG.el7at.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql96@9.6.10-1PGDG.el7at?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql96-test-0:9.6.10-1PGDG.el7at.x86_64", "product": { "name": "postgresql96-test-0:9.6.10-1PGDG.el7at.x86_64", "product_id": "postgresql96-test-0:9.6.10-1PGDG.el7at.x86_64", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql96-test@9.6.10-1PGDG.el7at?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql96-pltcl-0:9.6.10-1PGDG.el7at.x86_64", "product": { "name": "postgresql96-pltcl-0:9.6.10-1PGDG.el7at.x86_64", "product_id": "postgresql96-pltcl-0:9.6.10-1PGDG.el7at.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql96-pltcl@9.6.10-1PGDG.el7at?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql96-plperl-0:9.6.10-1PGDG.el7at.x86_64", "product": { "name": "postgresql96-plperl-0:9.6.10-1PGDG.el7at.x86_64", "product_id": "postgresql96-plperl-0:9.6.10-1PGDG.el7at.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql96-plperl@9.6.10-1PGDG.el7at?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql96-debuginfo-0:9.6.10-1PGDG.el7at.x86_64", "product": { "name": "postgresql96-debuginfo-0:9.6.10-1PGDG.el7at.x86_64", "product_id": "postgresql96-debuginfo-0:9.6.10-1PGDG.el7at.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql96-debuginfo@9.6.10-1PGDG.el7at?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql96-docs-0:9.6.10-1PGDG.el7at.x86_64", "product": { "name": "postgresql96-docs-0:9.6.10-1PGDG.el7at.x86_64", "product_id": "postgresql96-docs-0:9.6.10-1PGDG.el7at.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql96-docs@9.6.10-1PGDG.el7at?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql96-server-0:9.6.10-1PGDG.el7at.x86_64", "product": { "name": "postgresql96-server-0:9.6.10-1PGDG.el7at.x86_64", "product_id": "postgresql96-server-0:9.6.10-1PGDG.el7at.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql96-server@9.6.10-1PGDG.el7at?arch=x86_64" } } }, { "category": "product_version", "name": "cfme-appliance-0:5.9.6.5-1.el7cf.x86_64", "product": { "name": "cfme-appliance-0:5.9.6.5-1.el7cf.x86_64", 
"product_id": "cfme-appliance-0:5.9.6.5-1.el7cf.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cfme-appliance@5.9.6.5-1.el7cf?arch=x86_64" } } }, { "category": "product_version", "name": "cfme-appliance-common-0:5.9.6.5-1.el7cf.x86_64", "product": { "name": "cfme-appliance-common-0:5.9.6.5-1.el7cf.x86_64", "product_id": "cfme-appliance-common-0:5.9.6.5-1.el7cf.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cfme-appliance-common@5.9.6.5-1.el7cf?arch=x86_64" } } }, { "category": "product_version", "name": "cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf.x86_64", "product": { "name": "cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf.x86_64", "product_id": "cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cfme-appliance-debuginfo@5.9.6.5-1.el7cf?arch=x86_64" } } }, { "category": "product_version", "name": "cfme-appliance-tools-0:5.9.6.5-1.el7cf.x86_64", "product": { "name": "cfme-appliance-tools-0:5.9.6.5-1.el7cf.x86_64", "product_id": "cfme-appliance-tools-0:5.9.6.5-1.el7cf.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cfme-appliance-tools@5.9.6.5-1.el7cf?arch=x86_64" } } }, { "category": "product_version", "name": "cfme-gemset-0:5.9.6.5-2.el7cf.x86_64", "product": { "name": "cfme-gemset-0:5.9.6.5-2.el7cf.x86_64", "product_id": "cfme-gemset-0:5.9.6.5-2.el7cf.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cfme-gemset@5.9.6.5-2.el7cf?arch=x86_64" } } }, { "category": "product_version", "name": "cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf.x86_64", "product": { "name": "cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf.x86_64", "product_id": "cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cfme-gemset-debuginfo@5.9.6.5-2.el7cf?arch=x86_64" } } }, { "category": "product_version", "name": "cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.x86_64", "product": { "name": 
"cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.x86_64", "product_id": "cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cfme-amazon-smartstate@5.9.6.5-2.el7cf?arch=x86_64" } } }, { "category": "product_version", "name": "cfme-debuginfo-0:5.9.6.5-3.el7cf.x86_64", "product": { "name": "cfme-debuginfo-0:5.9.6.5-3.el7cf.x86_64", "product_id": "cfme-debuginfo-0:5.9.6.5-3.el7cf.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cfme-debuginfo@5.9.6.5-3.el7cf?arch=x86_64" } } }, { "category": "product_version", "name": "cfme-0:5.9.6.5-3.el7cf.x86_64", "product": { "name": "cfme-0:5.9.6.5-3.el7cf.x86_64", "product_id": "cfme-0:5.9.6.5-3.el7cf.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cfme@5.9.6.5-3.el7cf?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-configmap-generator-0:0.2.2-1.2.el7cf.x86_64", "product": { "name": "httpd-configmap-generator-0:0.2.2-1.2.el7cf.x86_64", "product_id": "httpd-configmap-generator-0:0.2.2-1.2.el7cf.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-configmap-generator@0.2.2-1.2.el7cf?arch=x86_64" } } }, { "category": "product_version", "name": "dbus-api-service-0:1.0.1-3.1.el7cf.x86_64", "product": { "name": "dbus-api-service-0:1.0.1-3.1.el7cf.x86_64", "product_id": "dbus-api-service-0:1.0.1-3.1.el7cf.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dbus-api-service@1.0.1-3.1.el7cf?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "postgresql96-0:9.6.10-1PGDG.el7at.src", "product": { "name": "postgresql96-0:9.6.10-1PGDG.el7at.src", "product_id": "postgresql96-0:9.6.10-1PGDG.el7at.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql96@9.6.10-1PGDG.el7at?arch=src" } } }, { "category": "product_version", "name": "cfme-appliance-0:5.9.6.5-1.el7cf.src", "product": { "name": 
"cfme-appliance-0:5.9.6.5-1.el7cf.src", "product_id": "cfme-appliance-0:5.9.6.5-1.el7cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cfme-appliance@5.9.6.5-1.el7cf?arch=src" } } }, { "category": "product_version", "name": "cfme-gemset-0:5.9.6.5-2.el7cf.src", "product": { "name": "cfme-gemset-0:5.9.6.5-2.el7cf.src", "product_id": "cfme-gemset-0:5.9.6.5-2.el7cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cfme-gemset@5.9.6.5-2.el7cf?arch=src" } } }, { "category": "product_version", "name": "cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.src", "product": { "name": "cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.src", "product_id": "cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cfme-amazon-smartstate@5.9.6.5-2.el7cf?arch=src" } } }, { "category": "product_version", "name": "cfme-0:5.9.6.5-3.el7cf.src", "product": { "name": "cfme-0:5.9.6.5-3.el7cf.src", "product_id": "cfme-0:5.9.6.5-3.el7cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cfme@5.9.6.5-3.el7cf?arch=src" } } }, { "category": "product_version", "name": "httpd-configmap-generator-0:0.2.2-1.2.el7cf.src", "product": { "name": "httpd-configmap-generator-0:0.2.2-1.2.el7cf.src", "product_id": "httpd-configmap-generator-0:0.2.2-1.2.el7cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-configmap-generator@0.2.2-1.2.el7cf?arch=src" } } }, { "category": "product_version", "name": "dbus-api-service-0:1.0.1-3.1.el7cf.src", "product": { "name": "dbus-api-service-0:1.0.1-3.1.el7cf.src", "product_id": "dbus-api-service-0:1.0.1-3.1.el7cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/dbus-api-service@1.0.1-3.1.el7cf?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "cfme-0:5.9.6.5-3.el7cf.src as a component of CloudForms Management 
Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.src" }, "product_reference": "cfme-0:5.9.6.5-3.el7cf.src", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "cfme-0:5.9.6.5-3.el7cf.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.x86_64" }, "product_reference": "cfme-0:5.9.6.5-3.el7cf.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.src as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.src" }, "product_reference": "cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.src", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.x86_64" }, "product_reference": "cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "cfme-appliance-0:5.9.6.5-1.el7cf.src as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.src" }, "product_reference": "cfme-appliance-0:5.9.6.5-1.el7cf.src", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "cfme-appliance-0:5.9.6.5-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.x86_64" }, "product_reference": "cfme-appliance-0:5.9.6.5-1.el7cf.x86_64", "relates_to_product_reference": 
"7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "cfme-appliance-common-0:5.9.6.5-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.6.5-1.el7cf.x86_64" }, "product_reference": "cfme-appliance-common-0:5.9.6.5-1.el7cf.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf.x86_64" }, "product_reference": "cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "cfme-appliance-tools-0:5.9.6.5-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.6.5-1.el7cf.x86_64" }, "product_reference": "cfme-appliance-tools-0:5.9.6.5-1.el7cf.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "cfme-debuginfo-0:5.9.6.5-3.el7cf.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.6.5-3.el7cf.x86_64" }, "product_reference": "cfme-debuginfo-0:5.9.6.5-3.el7cf.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "cfme-gemset-0:5.9.6.5-2.el7cf.src as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.src" }, "product_reference": "cfme-gemset-0:5.9.6.5-2.el7cf.src", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": 
"cfme-gemset-0:5.9.6.5-2.el7cf.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.x86_64" }, "product_reference": "cfme-gemset-0:5.9.6.5-2.el7cf.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf.x86_64" }, "product_reference": "cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "dbus-api-service-0:1.0.1-3.1.el7cf.src as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.src" }, "product_reference": "dbus-api-service-0:1.0.1-3.1.el7cf.src", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "dbus-api-service-0:1.0.1-3.1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.x86_64" }, "product_reference": "dbus-api-service-0:1.0.1-3.1.el7cf.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-configmap-generator-0:0.2.2-1.2.el7cf.src as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.src" }, "product_reference": "httpd-configmap-generator-0:0.2.2-1.2.el7cf.src", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-configmap-generator-0:0.2.2-1.2.el7cf.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": 
"7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.x86_64" }, "product_reference": "httpd-configmap-generator-0:0.2.2-1.2.el7cf.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql96-0:9.6.10-1PGDG.el7at.src as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.src" }, "product_reference": "postgresql96-0:9.6.10-1PGDG.el7at.src", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql96-0:9.6.10-1PGDG.el7at.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.x86_64" }, "product_reference": "postgresql96-0:9.6.10-1PGDG.el7at.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql96-contrib-0:9.6.10-1PGDG.el7at.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:postgresql96-contrib-0:9.6.10-1PGDG.el7at.x86_64" }, "product_reference": "postgresql96-contrib-0:9.6.10-1PGDG.el7at.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql96-debuginfo-0:9.6.10-1PGDG.el7at.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:postgresql96-debuginfo-0:9.6.10-1PGDG.el7at.x86_64" }, "product_reference": "postgresql96-debuginfo-0:9.6.10-1PGDG.el7at.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql96-devel-0:9.6.10-1PGDG.el7at.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:postgresql96-devel-0:9.6.10-1PGDG.el7at.x86_64" }, 
"product_reference": "postgresql96-devel-0:9.6.10-1PGDG.el7at.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql96-docs-0:9.6.10-1PGDG.el7at.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:postgresql96-docs-0:9.6.10-1PGDG.el7at.x86_64" }, "product_reference": "postgresql96-docs-0:9.6.10-1PGDG.el7at.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql96-libs-0:9.6.10-1PGDG.el7at.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:postgresql96-libs-0:9.6.10-1PGDG.el7at.x86_64" }, "product_reference": "postgresql96-libs-0:9.6.10-1PGDG.el7at.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql96-plperl-0:9.6.10-1PGDG.el7at.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:postgresql96-plperl-0:9.6.10-1PGDG.el7at.x86_64" }, "product_reference": "postgresql96-plperl-0:9.6.10-1PGDG.el7at.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql96-plpython-0:9.6.10-1PGDG.el7at.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:postgresql96-plpython-0:9.6.10-1PGDG.el7at.x86_64" }, "product_reference": "postgresql96-plpython-0:9.6.10-1PGDG.el7at.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql96-pltcl-0:9.6.10-1PGDG.el7at.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:postgresql96-pltcl-0:9.6.10-1PGDG.el7at.x86_64" }, "product_reference": 
"postgresql96-pltcl-0:9.6.10-1PGDG.el7at.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql96-server-0:9.6.10-1PGDG.el7at.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:postgresql96-server-0:9.6.10-1PGDG.el7at.x86_64" }, "product_reference": "postgresql96-server-0:9.6.10-1PGDG.el7at.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql96-test-0:9.6.10-1PGDG.el7at.x86_64 as a component of CloudForms Management Engine 5.9", "product_id": "7Server-RH7-CFME-5.9:postgresql96-test-0:9.6.10-1PGDG.el7at.x86_64" }, "product_reference": "postgresql96-test-0:9.6.10-1PGDG.el7at.x86_64", "relates_to_product_reference": "7Server-RH7-CFME-5.9" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the PostgreSQL project" ] }, { "names": [ "Tom Lane" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2018-1053", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2018-01-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1539619" } ], "notes": [ { "category": "description", "text": "This release of CloudForms corrects an issue invoked when running pg_upgrade by which attackers could read or modify the output of `pg_dumpall -g` in the current working directory. 
With this release, any attack is rendered infeasible as the directory mode blocks an intruder from searching the current working directory, and the prevailing umask prevents attackers from opening the file.", "title": "Vulnerability description" }, { "category": "summary", "text": "postgresql: pg_upgrade creates file of sensitive metadata under prevailing umask", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of PostgreSQL 9.x as shipped with Red Hat Satellite 5.x and CloudForms 5.x. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.src", "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.src", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf.x86_64", 
"7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.src", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.x86_64", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.src", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.x86_64", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.src", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-contrib-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-debuginfo-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-devel-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-docs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-libs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plperl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plpython-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-pltcl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-server-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-test-0:9.6.10-1PGDG.el7at.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1053" }, { "category": "external", "summary": "RHBZ#1539619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539619" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1053", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1053" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1053", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1053" }, { "category": "external", "summary": "https://www.postgresql.org/about/news/1829/", "url": "https://www.postgresql.org/about/news/1829/" } ], "release_date": "2018-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-12-13T15:15:46+00:00", "details": "For details on how to apply this update, which 
includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nIf the postgresql service is running, it will be automatically restarted after installing this update. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.src", "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.src", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.src", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.x86_64", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.src", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.x86_64", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.src", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-contrib-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-debuginfo-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-devel-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-docs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-libs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plperl-0:9.6.10-1PGDG.el7at.x86_64", 
"7Server-RH7-CFME-5.9:postgresql96-plpython-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-pltcl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-server-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-test-0:9.6.10-1PGDG.el7at.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:3816" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.src", "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.src", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.src", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.x86_64", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.src", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.x86_64", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.src", 
"7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-contrib-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-debuginfo-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-devel-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-docs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-libs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plperl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plpython-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-pltcl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-server-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-test-0:9.6.10-1PGDG.el7at.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "postgresql: pg_upgrade creates file of sensitive metadata under prevailing umask" }, { "cve": "CVE-2018-1058", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2018-02-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1547044" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database.", "title": "Vulnerability description" }, { "category": "summary", "text": "postgresql: Uncontrolled search path element in pg_dump and other client applications", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of Postgresql as shipped with Red Hat Satellite 5. Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. 
For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.src", "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.src", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.src", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.x86_64", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.src", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.x86_64", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.src", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-contrib-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-debuginfo-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-devel-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-docs-0:9.6.10-1PGDG.el7at.x86_64", 
"7Server-RH7-CFME-5.9:postgresql96-libs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plperl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plpython-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-pltcl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-server-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-test-0:9.6.10-1PGDG.el7at.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1058" }, { "category": "external", "summary": "RHBZ#1547044", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547044" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1058", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1058" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1058", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1058" }, { "category": "external", "summary": "https://www.postgresql.org/about/news/1834/", "url": "https://www.postgresql.org/about/news/1834/" } ], "release_date": "2018-03-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-12-13T15:15:46+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nIf the postgresql service is running, it will be automatically restarted after installing this update. 
After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.src", "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.src", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.src", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.x86_64", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.src", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.x86_64", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.src", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-contrib-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-debuginfo-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-devel-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-docs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-libs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plperl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plpython-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-pltcl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-server-0:9.6.10-1PGDG.el7at.x86_64", 
"7Server-RH7-CFME-5.9:postgresql96-test-0:9.6.10-1PGDG.el7at.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:3816" }, { "category": "workaround", "details": "Upstream suggests the following mitigation can be used to protect against this security flaw: \nhttps://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path", "product_ids": [ "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.src", "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.src", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.src", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.x86_64", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.src", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.x86_64", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.src", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-contrib-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-debuginfo-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-devel-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-docs-0:9.6.10-1PGDG.el7at.x86_64", 
"7Server-RH7-CFME-5.9:postgresql96-libs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plperl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plpython-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-pltcl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-server-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-test-0:9.6.10-1PGDG.el7at.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.src", "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.src", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.src", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.x86_64", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.src", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.x86_64", 
"7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.src", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-contrib-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-debuginfo-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-devel-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-docs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-libs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plperl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plpython-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-pltcl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-server-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-test-0:9.6.10-1PGDG.el7at.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "postgresql: Uncontrolled search path element in pg_dump and other client applications" }, { "acknowledgments": [ { "names": [ "the PostgreSQL project" ] }, { "names": [ "Andrew Krasichkov" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2018-10915", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2018-07-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1609891" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. 
If an affected version of libpq were used with \"host\" or \"hostaddr\" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction.", "title": "Vulnerability description" }, { "category": "summary", "text": "postgresql: Certain host connection parameters defeat client-side security defenses", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is only exploitable where an attacker can provide or influence connection parameters to a PostgreSQL client application using libpq. Contrib modules \"dblink\" and \"postgres_fdw\" are examples of applications affected by this flaw.\n\nRed Hat Virtualization includes vulnerable versions of postgresql. However this flaw is not known to be exploitable under any supported configuration of Red Hat Virtualization. A future update may address this issue.\n\nThis issue affects the versions of the rh-postgresql95-postgresql package as shipped with Red Hat Satellite 5.7 and 5.8. However, this flaw is not known to be exploitable under any supported scenario in Satellite 5. 
A future update may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.src", "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.src", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.src", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.x86_64", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.src", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.x86_64", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.src", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-contrib-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-debuginfo-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-devel-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-docs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-libs-0:9.6.10-1PGDG.el7at.x86_64", 
"7Server-RH7-CFME-5.9:postgresql96-plperl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plpython-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-pltcl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-server-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-test-0:9.6.10-1PGDG.el7at.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10915" }, { "category": "external", "summary": "RHBZ#1609891", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1609891" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10915", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10915" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10915", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10915" }, { "category": "external", "summary": "https://www.postgresql.org/about/news/1878/", "url": "https://www.postgresql.org/about/news/1878/" } ], "release_date": "2018-08-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-12-13T15:15:46+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nIf the postgresql service is running, it will be automatically restarted after installing this update. 
After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.src", "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.src", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.src", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.x86_64", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.src", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.x86_64", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.src", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-contrib-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-debuginfo-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-devel-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-docs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-libs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plperl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plpython-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-pltcl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-server-0:9.6.10-1PGDG.el7at.x86_64", 
"7Server-RH7-CFME-5.9:postgresql96-test-0:9.6.10-1PGDG.el7at.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:3816" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.src", "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.src", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.src", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.x86_64", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.src", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.x86_64", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.src", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-contrib-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-debuginfo-0:9.6.10-1PGDG.el7at.x86_64", 
"7Server-RH7-CFME-5.9:postgresql96-devel-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-docs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-libs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plperl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plpython-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-pltcl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-server-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-test-0:9.6.10-1PGDG.el7at.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "postgresql: Certain host connection parameters defeat client-side security defenses" }, { "acknowledgments": [ { "names": [ "the PostgreSQL project" ] } ], "cve": "CVE-2018-10925", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2018-08-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1612619" } ], "notes": [ { "category": "description", "text": "It was discovered that PostgreSQL failed to properly check authorization on certain statements involved with \"INSERT ... ON CONFLICT DO UPDATE\". An attacker with \"CREATE TABLE\" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain \"INSERT\" and limited \"UPDATE\" privileges to a particular table, they could exploit this to update other columns in the same table.", "title": "Vulnerability description" }, { "category": "summary", "text": "postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Virtualization includes vulnerable versions of postgresql. However this flaw is not known to be exploitable under any supported configuration of Red Hat Virtualization. 
A future update may address this issue.\n\nThis issue affects the versions of the postsgresql package as shipped with Red Hat Satellite 5.8. However, this flaw is not known to be exploitable under any supported scenario in Satellite 5.8. A future update may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.src", "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.src", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.src", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.x86_64", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.src", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.x86_64", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.src", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-contrib-0:9.6.10-1PGDG.el7at.x86_64", 
"7Server-RH7-CFME-5.9:postgresql96-debuginfo-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-devel-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-docs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-libs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plperl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plpython-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-pltcl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-server-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-test-0:9.6.10-1PGDG.el7at.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10925" }, { "category": "external", "summary": "RHBZ#1612619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1612619" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10925", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10925" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10925", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10925" }, { "category": "external", "summary": "https://www.postgresql.org/about/news/1878/", "url": "https://www.postgresql.org/about/news/1878/" } ], "release_date": "2018-08-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-12-13T15:15:46+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nIf the postgresql service is running, it will be automatically restarted after installing this update. 
After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.src", "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.src", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.src", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.x86_64", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.src", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.x86_64", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.src", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-contrib-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-debuginfo-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-devel-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-docs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-libs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plperl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plpython-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-pltcl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-server-0:9.6.10-1PGDG.el7at.x86_64", 
"7Server-RH7-CFME-5.9:postgresql96-test-0:9.6.10-1PGDG.el7at.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:3816" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" }, "products": [ "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.src", "7Server-RH7-CFME-5.9:cfme-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.src", "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.6.5-1.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.6.5-3.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.src", "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf.x86_64", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.src", "7Server-RH7-CFME-5.9:dbus-api-service-0:1.0.1-3.1.el7cf.x86_64", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.src", "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.2.el7cf.x86_64", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.src", "7Server-RH7-CFME-5.9:postgresql96-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-contrib-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-debuginfo-0:9.6.10-1PGDG.el7at.x86_64", 
"7Server-RH7-CFME-5.9:postgresql96-devel-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-docs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-libs-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plperl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-plpython-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-pltcl-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-server-0:9.6.10-1PGDG.el7at.x86_64", "7Server-RH7-CFME-5.9:postgresql96-test-0:9.6.10-1PGDG.el7at.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements" } ] }