{"id":"MGASA-2019-0204","summary":"Updated postgresql11 packages fix security vulnerabilities","details":"An authenticated user could create a stack-based buffer overflow by\nchanging their own password to a purpose-crafted value. In addition to\nthe ability to crash the PostgreSQL server, this could be further\nexploited to execute arbitrary code as the PostgreSQL operating system\naccount.\n\nAdditionally, a rogue server could send a specifically crafted message\nduring the SCRAM authentication process and cause a libpq-enabled client\nto either crash or execute arbitrary code as the client's operating\nsystem account. (CVE-2019-10164)\n\nMore than 25 other bugs have been fixed too, see referenced release\nnotes.\n","modified":"2026-01-30T22:55:57.358053Z","published":"2019-07-10T10:44:10Z","related":["CVE-2019-10164"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0204.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24996"},{"type":"REPORT","url":"https://www.postgresql.org/about/news/1949/"}],"affected":[{"package":{"name":"postgresql11","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/postgresql11?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.4-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0204.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}