Updated postgresql packages fix security vulnerabilities
Publication date: 02 Mar 2016
Modification date: 02 Mar 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-0766, CVE-2016-0773
Description
Updated postgresql packages fix security vulnerabilities:

PostgreSQL 9.3.x before 9.3.11 and 9.4.x before 9.4.6 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors (CVE-2016-0766).

PostgreSQL 9.3.x before 9.3.11 and 9.4.x before 9.4.6 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression (CVE-2016-0773).
SRPMS
5/core
- postgresql9.3-9.3.11-1.mga5
- postgresql9.4-9.4.6-1.mga5
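
To check a host against the fixed versions listed above, the following added example (not part of the original advisory) classifies a PostgreSQL version or rpm package name as vulnerable or fixed. The function name `pg_advisory_status` and the sample package names are constructed for illustration; branches other than 9.3 and 9.4 are reported as not covered because this advisory says nothing about them.

```shell
#!/bin/sh
# Added example: classify PostgreSQL versions against this advisory.
# Fixed releases per the advisory: 9.3.11 (9.3 branch) and 9.4.6 (9.4 branch).
# Output: vulnerable | fixed | not-covered | unparsed

pg_advisory_status() {
    input=$1
    # Accept a bare x.y.z, or an rpm name-version-release string
    # such as postgresql9.4-9.4.6-1.mga5 (version sits before the release).
    ver=$(printf '%s\n' "$input" | sed -n \
        -e 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)$/\1/p' \
        -e 's/^.*-\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)-[^-]*$/\1/p')
    if [ -z "$ver" ]; then
        echo "unparsed"
        return 0
    fi

    # Split x.y.z into branch (x.y) and patch level (z).
    old_ifs=$IFS
    IFS=.
    set -- $ver
    IFS=$old_ifs
    branch="$1.$2"
    patch=$3

    case $branch in
        9.3) fixed_patch=11 ;;
        9.4) fixed_patch=6 ;;
        *)   echo "not-covered"; return 0 ;;  # branch not named in the advisory
    esac

    if [ "$patch" -lt "$fixed_patch" ]; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# Constructed sample input; on a real host, pipe in: rpm -qa 'postgresql9*'
for pkg in postgresql9.3-server-9.3.10-1.mga5 \
           postgresql9.3-9.3.11-1.mga5 \
           postgresql9.4-server-9.4.5-1.mga5 \
           postgresql9.4-9.4.6-1.mga5; do
    printf '%-40s %s\n' "$pkg" "$(pg_advisory_status "$pkg")"
done
```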