{ "document": { "aggregate_severity": { "text": "High" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/debian10els/vex/2019/cve-2019-9193-els_os-debian10els.json" } ], "tracking": { "current_release_date": "2026-06-12T23:04:03Z", "generator": { "date": "2026-06-12T23:04:03Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2019-9193-ELS_OS-DEBIAN10ELS", "initial_release_date": "2019-04-01T21:30:00Z", "revision_history": [ { "date": "2019-04-01T21:30:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-06-12T23:04:03Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "Security update on CVE-2019-9193" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Debian 10", "product": { "name": "Debian 10", "product_id": "Debian-10", "product_identification_helper": { "cpe": "cpe:2.3:o:debian:debian_linux:10:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Debian" } ], "category": "vendor", "name": "Software in the Public Interest, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libpq-dev@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libpq-dev@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libecpg-dev@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libecpg-dev@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libpq5@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libpq5@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-11@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-11@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libpgtypes3@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libpgtypes3@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-server-dev-11@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-server-dev-11@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libecpg-compat3@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libecpg-compat3@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-plpython-11@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-plpython-11@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-plpython3-11@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-plpython3-11@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libecpg6@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libecpg6@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-pltcl-11@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-pltcl-11@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-plperl-11@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-plperl-11@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-client-11@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-client-11@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "product": { "name": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "product_id": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-doc-11@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=all" } } }, { "category": "product_version", "name": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "product": { "name": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "product_id": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-doc-11@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=all" } } } ], "category": "architecture", "name": "all" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian 10", "product_id": "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian 10", "product_id": "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian 10", "product_id": "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian 10", "product_id": "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian 10", "product_id": "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian 10", "product_id": "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian 10", "product_id": "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian 10", "product_id": "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian 10", "product_id": "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian 10", "product_id": "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian 10", "product_id": "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian 10", "product_id": "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian 10", "product_id": "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian 10", "product_id": "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian 10", "product_id": "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian 10", "product_id": "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian 10", "product_id": "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian 10", "product_id": "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian 10", "product_id": "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian 10", "product_id": "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all as a component of Debian 10", "product_id": "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all" }, "product_reference": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all as a component of Debian 10", "product_id": "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all" }, "product_reference": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian 10", "product_id": "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian 10", "product_id": "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian 10", "product_id": "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian 10", "product_id": "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian 10", "product_id": "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian 10", "product_id": "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-9193", "cwe": { "id": "CWE-78", "name": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" }, "notes": [ { "category": "description", "text": "In PostgreSQL 9.3 through 11.2, the \"COPY TO/FROM PROGRAM\" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "other", "text": "TuxCare has assessed that this vulnerability does not impact any currently supported TuxCare products. This evaluation may change as new information becomes available. For additional details regarding this vulnerability and affected products, refer to the provided references.", "title": "Statement" } ], "product_status": { "known_not_affected": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2019-9193" }, { "category": "external", "summary": "http://packetstormsecurity.com/files/152757/PostgreSQL-COPY-FROM-PROGRAM-Command-Execution.html", "url": "http://packetstormsecurity.com/files/152757/PostgreSQL-COPY-FROM-PROGRAM-Command-Execution.html" }, { "category": "external", "summary": "http://packetstormsecurity.com/files/166540/PostgreSQL-11.7-Remote-Code-Execution.html", "url": "http://packetstormsecurity.com/files/166540/PostgreSQL-11.7-Remote-Code-Execution.html" }, { "category": "external", "summary": "http://packetstormsecurity.com/files/171722/PostgreSQL-9.6.1-Remote-Code-Execution.html", "url": "http://packetstormsecurity.com/files/171722/PostgreSQL-9.6.1-Remote-Code-Execution.html" }, { "category": "external", "summary": "https://blog.hagander.net/when-a-vulnerability-is-not-a-vulnerability-244/", "url": "https://blog.hagander.net/when-a-vulnerability-is-not-a-vulnerability-244/" }, { "category": "external", "summary": "https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5", "url": "https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5" }, { "category": "external", "summary": "https://paquier.xyz/postgresql-2/postgres-9-3-feature-highlight-copy-tofrom-program/", "url": "https://paquier.xyz/postgresql-2/postgres-9-3-feature-highlight-copy-tofrom-program/" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20190502-0003/", "url": "https://security.netapp.com/advisory/ntap-20190502-0003/" }, { "category": "external", "summary": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/authenticated-arbitrary-command-execution-on-postgresql-9-3/", "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/authenticated-arbitrary-command-execution-on-postgresql-9-3/" } ], "release_date": "2019-04-01T21:30:00Z", "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" }, { "category": "impact", "date": "2026-06-12T13:03:45.280999Z", "details": "Not affected — CVE-2019-9193 is a disputed issue: PostgreSQL’s COPY … PROGRAM is an intended, privileged feature that only superusers or roles explicitly granted pg_execute_server_program can use, and it does not create a new privilege‑escalation or code‑execution path for ordinary users. Because superusers already have the ability to run operating system commands and pg_execute_server_program is not granted to non‑superusers by default, the affected code path is not exposed in standard PostgreSQL 11 deployments on Linux VMs/servers.", "product_ids": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" ] } ] } ] }