ALT-PU-2019-2104-1
Package postgresql10 updated to version 10.9-alt1 for branch sisyphus in task 232681.
Closed vulnerabilities
Published: 2019-06-20
BDU:2019-02385
Multiple vulnerabilities in the PostgreSQL database management system caused by a stack-based buffer overflow, allowing an attacker to execute arbitrary code
Severity: HIGH (7.5)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-06-26
Modified: 2024-11-21
CVE-2019-10164
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2019:1773
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164
- FEDORA-2019-9f04a701c0
- FEDORA-2019-e43f49b428
- GLSA-202003-03
- https://www.postgresql.org/about/news/1949/