Advisories » MGASA-2016-0085

Updated postgresql packages fix security vulnerabilities

Publication date: 02 Mar 2016
Modification date: 02 Mar 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-0766, CVE-2016-0773

Description

Updated postgresql packages fix security vulnerabilities:

PostgreSQL 9.3.x before 9.3.11 and 9.4.x before 9.4.6 does not properly
restrict access to unspecified custom configuration settings (GUCs) for
PL/Java, which allows attackers to gain privileges via unspecified vectors
(CVE-2016-0766).

PostgreSQL 9.3.x before 9.3.11 and 9.4.x before 9.4.6 allows remote attackers
to cause a denial of service (infinite loop or buffer overflow and crash) via
a large Unicode character range in a regular expression (CVE-2016-0773).
                

References

SRPMS

5/core