Updated postgresql15 & postgresql13 packages fix security vulnerabilities
Publication date: 27 Nov 2024
Modification date: 27 Nov 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979
Description
- PostgreSQL row security below e.g. subqueries disregards user ID changes. (CVE-2024-10976)
- PostgreSQL libpq retains an error message from man-in-the-middle. (CVE-2024-10977)
- PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID. (CVE-2024-10978)
- PostgreSQL PL/Perl environment variable changes execute arbitrary code. (CVE-2024-10979)
References
- https://bugs.mageia.org/show_bug.cgi?id=33779
- https://www.postgresql.org/about/news/postgresql-171-165-159-1414-1317-and-1221-released-2955/
- https://www.postgresql.org/about/news/postgresql-172-166-1510-1415-1318-and-1222-released-2965/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10976
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10977
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10978
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10979
SRPMS
9/core
- postgresql15-15.10-1.mga9
- postgresql13-13.18-1.mga9