From: Marc Deslauriers
Date: Jun 21, 2019 12:05AM
PostgreSQL could be made to crash or run programs if it received specially
crafted network traffic.
Software Description:
- postgresql-11: Object-relational SQL database
- postgresql-10: Object-relational SQL database
Details:
Alexander Lakhin discovered that PostgreSQL incorrectly handled
authentication. An authenticated attacker or a rogue server could use this
issue to cause PostgreSQL to crash, resulting in a denial of service, or
possibly execute arbitrary code. The default compiler options for affected
releases should reduce the vulnerability to a denial of service.
References:
https://usn.ubuntu.com/4027-1
CVE-2019-10164