Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
External References: https://www.postgresql.org/support/security/
Created mingw-postgresql tracking bugs for this issue:
Affects: epel-7 [bug 1723414]
Affects: fedora-all [bug 1723412]
Created postgresql tracking bugs for this issue:
Affects: fedora-all [bug 1723413]
Patch:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=90adc16ea13750a6b6f704c6cf65dc0f1bdb845c
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=d72a7e4da1001b29a661a4b1a52cb5c4d708bab0
Hello, May I know if Linux PostgreSQL 7.1beta6 version is also affected and requires this fix? Any heads up will be appreciated. Thank you in advance. Best Regards,
(In reply to Trupti Pardeshi from comment #8)
> Hello,
>
> May I know if Linux PostgreSQL 7.1beta6 version is also affected and
> requires this fix? Any heads up will be appreciated.
>
> Thank you in advance.
>
> Best Regards,

Gentle reminder. Awaiting your response.
This issue has been addressed in the following products:
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS
Via RHSA-2020:0980 https://access.redhat.com/errata/RHSA-2020:0980
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-10164
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3669 https://access.redhat.com/errata/RHSA-2020:3669
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:5664 https://access.redhat.com/errata/RHSA-2020:5664
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:0166 https://access.redhat.com/errata/RHSA-2021:0166