{ "schema_version": "1.7.0", "id": "MGASA-2015-0207", "published": "2015-05-11T20:10:38Z", "modified": "2015-05-11T19:57:11Z", "summary": "Updated postgis packages fix security vulnerabilities", "details": "Updated postgis packages fix security vulnerability:\n\nThe PostGIS Raster support in PostGIS before 2.1.3 may give more privileges\nto users than an administrator is willing to grant. These include reading\nfiles from the filesystem and opening connections to network hosts.\n\nThe postgis package has been updated to version 2.1.7, fixing this issue and\nseveral other bugs.\n\nPlease see the upstream release announcements and NEWS for more information.\n", "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2015-0207.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=15741" }, { "type": "WEB", "url": "http://postgis.net/2013/11/08/postgis-2.1.1" }, { "type": "WEB", "url": "http://postgis.net/2014/03/31/postgis-2.1.2" }, { "type": "WEB", "url": "http://postgis.net/2014/05/19/postgis-2.0.6_and_2.1.3" }, { "type": "WEB", "url": "http://postgis.net/2014/09/10/postgis-2.1.4" }, { "type": "WEB", "url": "http://postgis.net/2014/12/18/postgis-2.1.5" }, { "type": "WEB", "url": "http://postgis.net/2015/03/20/postgis-2.1.6" }, { "type": "WEB", "url": "http://postgis.net/2015/04/06/postgis-2.1.7" }, { "type": "WEB", "url": "http://svn.osgeo.org/postgis/tags/2.1.7/NEWS" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154704.html" } ], "affected": [ { "package": { "ecosystem": "Mageia:4", "name": "postgis", "purl": "pkg:rpm/mageia/postgis?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.1.7-1.mga4" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }