MGASA-2024-0372

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2024-0372.html

Import Source

https://advisories.mageia.org/MGASA-2024-0372.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2024-0372

Related

CVE-2024-10976
CVE-2024-10977
CVE-2024-10978
CVE-2024-10979

Published

2024-11-27T19:59:10Z

Modified

2024-11-27T19:23:18Z

Summary

Updated postgresql15 & postgresql13 packages fix security vulnerabilities

Details

PostgreSQL row security below e.g. subqueries disregards user ID changes. (CVE-2024-10976) PostgreSQL libpq retains an error message from man-in-the-middle. (CVE-2024-10977) PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID. (CVE-2024-10978) PostgreSQL PL/Perl environment variable changes execute arbitrary code. (CVE-2024-10979)

References

https://advisories.mageia.org/MGASA-2024-0372.html
https://bugs.mageia.org/show_bug.cgi?id=33779
https://www.postgresql.org/about/news/postgresql-171-165-159-1414-1317-and-1221-released-2955/
https://www.postgresql.org/about/news/postgresql-172-166-1510-1415-1318-and-1222-released-2965/

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2024-0372

Affected packages