MGASA-2019-0204

Source
https://advisories.mageia.org/MGASA-2019-0204.html
Import Source
https://advisories.mageia.org/MGASA-2019-0204.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2019-0204
Related
Published
2019-07-10T10:44:10Z
Modified
2019-07-10T10:02:33Z
Summary
Updated postgresql11 packages fix security vulnerabilities
Details

An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL operating system account.

Additionally, a rogue server could send a specifically crafted message during the SCRAM authentication process and cause a libpq-enabled client to either crash or execute arbitrary code as the client's operating system account. (CVE-2019-10164)

More than 25 other bugs have also been fixed; see the referenced release notes.

References
Credits

Affected packages

Mageia:7 / postgresql11

Package

Name
postgresql11
Purl
pkg:rpm/mageia/postgresql11?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
11.4-1.mga7

Ecosystem specific

{
    "section": "core"
}