Updated postgresql11 packages fix security vulnerabilities
Publication date: 10 Jul 2019Modification date: 10 Jul 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-10164
Description
An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL operating system account. Additionally, a rogue server could send a specifically crafted message during the SCRAM authentication process and cause a libpq-enabled client to either crash or execute arbitrary code as the client's operating system account. (CVE-2019-10164) More than 25 other bugs have been fixed too, see referenced release notes.
References
SRPMS
7/core
- postgresql11-11.4-1.mga7