Updated postgis packages fix security vulnerabilities
Publication date: 11 May 2015Modification date: 11 May 2015
Type: security
Affected Mageia releases : 4
Description
Updated postgis packages fix security vulnerability: The PostGIS Raster support in PostGIS before 2.1.3 may give more privileges to users than an administrator is willing to grant. These include reading files from the filesystem and opening connections to network hosts. The postgis package has been updated to version 2.1.7, fixing this issue and several other bugs. Please see the upstream release announcements and NEWS for more information.
References
- https://bugs.mageia.org/show_bug.cgi?id=15741
- http://postgis.net/2013/11/08/postgis-2.1.1
- http://postgis.net/2014/03/31/postgis-2.1.2
- http://postgis.net/2014/05/19/postgis-2.0.6_and_2.1.3
- http://postgis.net/2014/09/10/postgis-2.1.4
- http://postgis.net/2014/12/18/postgis-2.1.5
- http://postgis.net/2015/03/20/postgis-2.1.6
- http://postgis.net/2015/04/06/postgis-2.1.7
- http://svn.osgeo.org/postgis/tags/2.1.7/NEWS
- https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154704.html
SRPMS
4/core
- postgis-2.1.7-1.mga4