- Vulnerability/
- RHSA-2018:2565
RHSA-2018:2565: Important: rh-postgresql10-postgresql security update
First published: Mon Aug 27 2018(Updated: )
PostgreSQL is an advanced object-relational database management system (DBMS).<br>The following packages have been upgraded to a later upstream version: rh-postgresql10-postgresql (10.5). (BZ#1612673, BZ#1614337)<br>Security Fix(es):<br><li> postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915)</li> <li> postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements (CVE-2018-10925)</li> <li> postgresql: Too-permissive access control list on function pg_logfile_rotate() (CVE-2018-1115)</li> For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.<br>Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Andrew Krasichkov as the original reporter of CVE-2018-10915; and Stephen Frost as the original reporter of CVE-2018-1115.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/rh-postgresql10-postgresql | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-contrib | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-contrib-syspaths | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-debuginfo | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-devel | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-docs | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-libs | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-plperl | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-plpython | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-pltcl | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-server | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-server-syspaths | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-static | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-syspaths | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-test | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-contrib | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-contrib-syspaths | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-debuginfo | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-devel | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-docs | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-libs | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-plperl | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-plpython | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-pltcl | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-server | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-server-syspaths | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-static | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-syspaths | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-test | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-contrib | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-contrib-syspaths | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-debuginfo | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-devel | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-docs | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-libs | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-plperl | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-plpython | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-pltcl | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-server | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-server-syspaths | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-static | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-syspaths | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql-test | <10.5-1.el7 | 10.5-1.el7 |
| redhat/rh-postgresql10-postgresql | <10.5-1.el7.aa | 10.5-1.el7.aa |
| redhat/rh-postgresql10-postgresql-contrib | <10.5-1.el7.aa | 10.5-1.el7.aa |
| redhat/rh-postgresql10-postgresql-contrib-syspaths | <10.5-1.el7.aa | 10.5-1.el7.aa |
| redhat/rh-postgresql10-postgresql-debuginfo | <10.5-1.el7.aa | 10.5-1.el7.aa |
| redhat/rh-postgresql10-postgresql-devel | <10.5-1.el7.aa | 10.5-1.el7.aa |
| redhat/rh-postgresql10-postgresql-docs | <10.5-1.el7.aa | 10.5-1.el7.aa |
| redhat/rh-postgresql10-postgresql-libs | <10.5-1.el7.aa | 10.5-1.el7.aa |
| redhat/rh-postgresql10-postgresql-plperl | <10.5-1.el7.aa | 10.5-1.el7.aa |
| redhat/rh-postgresql10-postgresql-plpython | <10.5-1.el7.aa | 10.5-1.el7.aa |
| redhat/rh-postgresql10-postgresql-pltcl | <10.5-1.el7.aa | 10.5-1.el7.aa |
| redhat/rh-postgresql10-postgresql-server | <10.5-1.el7.aa | 10.5-1.el7.aa |
| redhat/rh-postgresql10-postgresql-server-syspaths | <10.5-1.el7.aa | 10.5-1.el7.aa |
| redhat/rh-postgresql10-postgresql-static | <10.5-1.el7.aa | 10.5-1.el7.aa |
| redhat/rh-postgresql10-postgresql-syspaths | <10.5-1.el7.aa | 10.5-1.el7.aa |
| redhat/rh-postgresql10-postgresql-test | <10.5-1.el7.aa | 10.5-1.el7.aa |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of RHSA-2018:2565?
The severity of RHSA-2018:2565 is classified as moderate.
How do I fix RHSA-2018:2565?
To fix RHSA-2018:2565, update your PostgreSQL packages to version 10.5-1.el7 or later.
What software is affected by RHSA-2018:2565?
The affected software for RHSA-2018:2565 includes various PostgreSQL packages such as rh-postgresql10-postgresql, rh-postgresql10-postgresql-contrib, and their associated components.
When was RHSA-2018:2565 released?
RHSA-2018:2565 was released on December 5, 2018.
What vulnerabilities does RHSA-2018:2565 address?
RHSA-2018:2565 addresses vulnerabilities related to host connection parameters in PostgreSQL.
- agent/severity
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2018:2565
- agent/software-canonical-lookup
- agent/remedy
- agent/references
- agent/title
- agent/description
- agent/event
- agent/trending
- agent/tags
- agent/source
- package-manager/redhat