ALT-BU-2019-3756-1
Branch p9 update bulletin.
Package rake-compiler updated to version 1.0.7-alt3 for branch p9 in task 232751.
Closed bugs
Опять сломан генератор зависимостей
Package ruby-artifactory-client updated to version 3.0.1-alt1 for branch p9 in task 232751.
Closed bugs
Опять сломан генератор зависимостей
Package ruby-google-api updated to version 0.30.2-alt1 for branch p9 in task 232751.
Closed bugs
Опять сломан генератор зависимостей
Package postgresql11 updated to version 11.4-alt1 for branch p9 in task 232772.
Closed vulnerabilities
BDU:2019-02385
Множественные уязвимости системы управления базами данных PostgreSQL, вызванные переполнением буфера на стеке, позволяющие нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2019-10164
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
- openSUSE-SU-2019:1773
- openSUSE-SU-2019:1773
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164
- FEDORA-2019-9f04a701c0
- FEDORA-2019-9f04a701c0
- FEDORA-2019-e43f49b428
- FEDORA-2019-e43f49b428
- GLSA-202003-03
- GLSA-202003-03
- https://www.postgresql.org/about/news/1949/
- https://www.postgresql.org/about/news/1949/
Package postgresql10 updated to version 10.9-alt1 for branch p9 in task 232772.
Closed vulnerabilities
BDU:2019-02385
Множественные уязвимости системы управления базами данных PostgreSQL, вызванные переполнением буфера на стеке, позволяющие нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2019-10164
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
- openSUSE-SU-2019:1773
- openSUSE-SU-2019:1773
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164
- FEDORA-2019-9f04a701c0
- FEDORA-2019-9f04a701c0
- FEDORA-2019-e43f49b428
- FEDORA-2019-e43f49b428
- GLSA-202003-03
- GLSA-202003-03
- https://www.postgresql.org/about/news/1949/
- https://www.postgresql.org/about/news/1949/
Package postgresql10-1C updated to version 10.9-alt1 for branch p9 in task 232772.
Closed vulnerabilities
BDU:2019-02385
Множественные уязвимости системы управления базами данных PostgreSQL, вызванные переполнением буфера на стеке, позволяющие нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2019-10164
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
- openSUSE-SU-2019:1773
- openSUSE-SU-2019:1773
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164
- FEDORA-2019-9f04a701c0
- FEDORA-2019-9f04a701c0
- FEDORA-2019-e43f49b428
- FEDORA-2019-e43f49b428
- GLSA-202003-03
- GLSA-202003-03
- https://www.postgresql.org/about/news/1949/
- https://www.postgresql.org/about/news/1949/
Closed bugs
segfault during IO cleanup when glibc 2.0 compatibilty is used
Package thunderbird updated to version 60.7.2-alt1 for branch p9 in task 232834.
Closed vulnerabilities
BDU:2019-02947
Уязвимость браузеров Firefox ESR, Firefox и почтового клиента Thunderbird, существующая из-за недостаточной проверки параметров в сообщениях Prompt:Open IPC между дочерним и родительским процессами, позволяющая нарушителю выполнить произвольный код
BDU:2019-03613
Уязвимость метода Array.pop почтового клиента Thunderbird и браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2019-11707
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1544386
- https://bugzilla.mozilla.org/show_bug.cgi?id=1544386
- GLSA-201908-12
- GLSA-201908-12
- https://www.mozilla.org/security/advisories/mfsa2019-18/
- https://www.mozilla.org/security/advisories/mfsa2019-18/
- https://www.mozilla.org/security/advisories/mfsa2019-20/
- https://www.mozilla.org/security/advisories/mfsa2019-20/
Modified: 2024-11-21
CVE-2019-11708
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.
- http://packetstormsecurity.com/files/155592/Mozilla-Firefox-Windows-64-Bit-Chain-Exploit.html
- http://packetstormsecurity.com/files/155592/Mozilla-Firefox-Windows-64-Bit-Chain-Exploit.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=1559858
- https://bugzilla.mozilla.org/show_bug.cgi?id=1559858
- GLSA-201908-12
- GLSA-201908-12
- https://www.mozilla.org/security/advisories/mfsa2019-19/
- https://www.mozilla.org/security/advisories/mfsa2019-19/
- https://www.mozilla.org/security/advisories/mfsa2019-20/
- https://www.mozilla.org/security/advisories/mfsa2019-20/