AVG-486

Package postgresql-old-upgrade
Status Fixed
Severity Medium
Type multiple issues
Affected 9.6.5-1
Fixed 9.6.6-1
Current 10.6-1 [extra]
Ticket None
Created Fri Nov 10 11:35:43 2017
Issue Severity Remote Type Description
CVE-2017-15099 Medium Yes Access restriction bypass
An access restriction bypass vulnerability has been discovered in PostgreSQL, the "INSERT ... ON CONFLICT DO UPDATE" would not check to see if the executing...
CVE-2017-15098 Medium Yes Information disclosure
A denial of service and potential memory disclosure vulnerability has been discovered in PostgreSQL in the json_populate_recordset() and...
Date Advisory Package Description
10 Nov 2017 ASA-201711-18 postgresql-old-upgrade multiple issues
References
https://www.postgresql.org/about/news/1801/