Vulnerabilities > CVE-2019-10209 - Out-of-bounds Read vulnerability in Postgresql
Attack vector
NETWORK Attack complexity
HIGH Privileges required
HIGH Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4090-1.NASL description Tom Lane discovered that PostgreSQL did not properly restrict functions declared as last seen 2020-06-01 modified 2020-06-02 plugin id 127806 published 2019-08-12 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127806 title Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : postgresql-10, postgresql-11, postgresql-9.5 vulnerabilities (USN-4090-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4090-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(127806); script_version("1.5"); script_cvs_date("Date: 2020/01/02"); script_cve_id("CVE-2019-10208", "CVE-2019-10209"); script_xref(name:"USN", value:"4090-1"); script_xref(name:"IAVB", value:"2019-B-0072"); script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : postgresql-10, postgresql-11, postgresql-9.5 vulnerabilities (USN-4090-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Tom Lane discovered that PostgreSQL did not properly restrict functions declared as 'SECURITY DEFINER'. An attacker could use this to execute arbitrary SQL with the permissions of the function owner. (CVE-2019-10208) Andreas Seltenreich discovered that PostgreSQL did not properly handle user-defined hash equality operators. An attacker could use this to expose sensitive information (arbitrary PostgreSQL server memory). This issue only affected Ubuntu 19.04. (CVE-2019-10209). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4090-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected postgresql-10, postgresql-11 and / or postgresql-9.5 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-9.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/29"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(16\.04|18\.04|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 19.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"16.04", pkgname:"postgresql-9.5", pkgver:"9.5.19-0ubuntu0.16.04.1")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"postgresql-10", pkgver:"10.10-0ubuntu0.18.04.1")) flag++; if (ubuntu_check(osver:"19.04", pkgname:"postgresql-11", pkgver:"11.5-0ubuntu0.19.04.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql-10 / postgresql-11 / postgresql-9.5"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2019-5FBBF73269.NASL description New upstream release 10.10 Per release notes: https://www.postgresql.org/docs/11/release-10-10.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 127934 published 2019-08-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127934 title Fedora 29 : postgresql (2019-5fbbf73269) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-5fbbf73269. # include("compat.inc"); if (description) { script_id(127934); script_version("1.4"); script_cvs_date("Date: 2020/01/02"); script_cve_id("CVE-2019-10208", "CVE-2019-10209", "CVE-2019-10211"); script_xref(name:"FEDORA", value:"2019-5fbbf73269"); script_name(english:"Fedora 29 : postgresql (2019-5fbbf73269)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "New upstream release 10.10 Per release notes: https://www.postgresql.org/docs/11/release-10-10.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-5fbbf73269" ); script_set_attribute( attribute:"see_also", value:"https://www.postgresql.org/docs/11/release-10-10.html" ); script_set_attribute( attribute:"solution", value:"Update the affected postgresql package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/29"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"postgresql-10.10-1.fc29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql"); }
NASL family Databases NASL id POSTGRESQL_20190809.NASL description The version of PostgreSQL installed on the remote host is 11.x prior to 11.5. It is, therefore, affected by a memory disclosure vulnerability that allows an attacker to read arbitrary bytes of server memory. last seen 2020-06-01 modified 2020-06-02 plugin id 127906 published 2019-08-16 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127906 title PostgreSQL 11.x < 11.5 Memory disclosure in cross-type comparison for hashed subplan code # # (C) Tenable Network Security, Inc # include("compat.inc"); if (description) { script_id(127906); script_version("1.3"); script_cvs_date("Date: 2019/10/31 15:18:51"); script_cve_id("CVE-2019-10209"); script_xref(name:"IAVB", value:"2019-B-0072"); script_name(english:"PostgreSQL 11.x < 11.5 Memory disclosure in cross-type comparison for hashed subplan"); script_summary(english:"Checks the version of PostgreSQL."); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of PostgreSQL installed on the remote host is 11.x prior to 11.5. It is, therefore, affected by a memory disclosure vulnerability that allows an attacker to read arbitrary bytes of server memory."); script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/about/news/1960/"); script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/docs/11/release-11-5.html"); script_set_attribute(attribute:"solution", value: "Upgrade to PostgreSQL version 11.5 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10209"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:postgresql:postgresql"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("postgresql_version.nbin"); script_require_ports("Services/postgresql", 5432); exit(0); } include('vcf.inc'); include('backport.inc'); app = 'PostgreSQL'; port = get_service(svc:'postgresql', default:5432, exit_on_fail:TRUE); kb_base = 'database/' + port + '/postgresql/'; kb_ver = kb_base + 'version'; get_kb_item_or_exit(kb_ver); kb_backport = NULL; source = get_kb_item_or_exit(kb_base + 'source'); get_backport_banner(banner:source); if (backported) kb_backport = kb_base + 'backported'; app_info = vcf::get_app_info(app:app, port:port, kb_ver:kb_ver, kb_backport:kb_backport, service:TRUE); constraints = [ { 'min_version' : '11.0', 'fixed_version' : '11.5' } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_9DE4C1C1B9EE11E982AA6CC21735F730.NASL description The PostgreSQL project reports : Versions Affected: 9.4 - 11 Given a suitable `SECURITY DEFINER` function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires `EXECUTE` permission on the function, which must itself contain a function call having inexact argument type match. For example, `length( last seen 2020-06-01 modified 2020-06-02 plugin id 127549 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127549 title FreeBSD : PostgresSQL -- TYPE in pg_temp execute arbitrary SQL during `SECURITY DEFINER` execution (9de4c1c1-b9ee-11e9-82aa-6cc21735f730) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2020 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(127549); script_version("1.4"); script_cvs_date("Date: 2020/01/06"); script_cve_id("CVE-2019-10208", "CVE-2019-10209"); script_xref(name:"IAVB", value:"2019-B-0072"); script_name(english:"FreeBSD : PostgresSQL -- TYPE in pg_temp execute arbitrary SQL during `SECURITY DEFINER` execution (9de4c1c1-b9ee-11e9-82aa-6cc21735f730)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "The PostgreSQL project reports : Versions Affected: 9.4 - 11 Given a suitable `SECURITY DEFINER` function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires `EXECUTE` permission on the function, which must itself contain a function call having inexact argument type match. For example, `length('foo'::varchar)` and `length('foo')` are inexact, while `length('foo'::text)` is exact. As part of exploiting this vulnerability, the attacker uses `CREATE DOMAIN` to create a type in a `pg_temp` schema. The attack pattern and fix are similar to that for CVE-2007-2138. Writing `SECURITY DEFINER` functions continues to require following the considerations noted in the documentation : https://www.postgresql.org/docs/devel/sql-createfunction.html#SQL-CREA TEFUNCTION-SECURITY Versions Affected: 11 In a database containing hypothetical, user-defined hash equality operators, an attacker could read arbitrary bytes of server memory. For an attack to become possible, a superuser would need to create unusual operators. It is possible for operators not purpose-crafted for attack to have the properties that enable an attack, but we are not aware of specific examples." ); script_set_attribute( attribute:"see_also", value:"https://www.postgresql.org/about/news/1960/" ); # https://vuxml.freebsd.org/freebsd/9de4c1c1-b9ee-11e9-82aa-6cc21735f730.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a61e8eba" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql10-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql11-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql94-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql95-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql96-server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"postgresql11-server<11.5")) flag++; if (pkg_test(save_report:TRUE, pkg:"postgresql10-server<10.10")) flag++; if (pkg_test(save_report:TRUE, pkg:"postgresql96-server<9.6.15")) flag++; if (pkg_test(save_report:TRUE, pkg:"postgresql95-server<9.5.19")) flag++; if (pkg_test(save_report:TRUE, pkg:"postgresql94-server<9.4.24")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2019-986FCE48B4.NASL description New upstream release 11.5 Per release notes: https://www.postgresql.org/docs/11/release-11-5.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 127939 published 2019-08-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127939 title Fedora 30 : libpq / postgresql (2019-986fce48b4) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4493.NASL description Two security issues have been discovered in the PostgreSQL database system, which could result in privilege escalation, denial of service or memory disclosure. For additional information please refer to the upstream announcement at https://www.postgresql.org/about/news/1960/ last seen 2020-06-01 modified 2020-06-02 plugin id 127489 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127489 title Debian DSA-4493-1 : postgresql-11 - security update