Reposted from: IT Security Alerts
⚠️ PostgreSQL - escalation of privileges
Affected versions: PostgreSQL < 9.3.22, PostgreSQL < 9.4.17, PostgreSQL < 9.5.12, PostgreSQL < 9.6.8, PostgreSQL < 10.3
The problem described in CVE-2018-1058 centers around the default "public" schema and how PostgreSQL uses the search_path setting. The attacker could insert a trojan-horse function that, when executed by a superuser, grants escalated privileges.
Based on your setup, your installation is probably affected, but it may not be in imminent danger.
There are patches available for several distributions. Today openSUSE got an update.
Further information, samples and more: https://yt.gl/gqh7l
(severity: 🔹medium)
#alert #vulnerability #severityhigh #PostgreSQL #CVE-2018-1058
Feel free to discuss this in @itsectalk and let your local PostgreSQL admin know! ✉️📢
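An added example, not part of the original alert: SQL a PostgreSQL admin can run as a superuser in each database to see who can create objects in the "public" schema, list functions there owned by non-superusers, and apply the schema and search_path restrictions. The role name app_user is a hypothetical placeholder.

```sql
-- Added example, not from the original alert. Run as a superuser, per database.

-- 1. Non-superuser roles that can currently create objects in "public".
SELECT r.rolname
FROM pg_roles r
WHERE NOT r.rolsuper
  AND has_schema_privilege(r.oid, 'public', 'CREATE')
ORDER BY r.rolname;

-- 2. Functions in "public" owned by non-superusers. Review first the ones
--    that share a name with a pg_catalog function, since an unqualified
--    call may resolve to them depending on argument types and search_path.
SELECT p.oid::regprocedure AS function_signature,
       o.rolname           AS owner,
       EXISTS (SELECT 1
               FROM pg_proc c
               JOIN pg_namespace cn ON cn.oid = c.pronamespace
               WHERE cn.nspname = 'pg_catalog'
                 AND c.proname = p.proname) AS same_name_in_pg_catalog
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles o     ON o.oid = p.proowner
WHERE n.nspname = 'public'
  AND NOT o.rolsuper
ORDER BY same_name_in_pg_catalog DESC, p.proname;

-- 3. Stop ordinary users from creating objects in "public".
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 4. Remove "public" from a role's default search_path
--    (app_user is a hypothetical role name; repeat per role as needed).
ALTER ROLE app_user SET search_path = "$user";

-- 5. Confirm the effective setting in a new session for that role.
SHOW search_path;
```

Steps 3 and 4 change behaviour for applications that rely on creating or finding objects in "public" without schema qualification, so test them against the application before rolling out.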