CFEngine 3.12.2-3, 3.14.0-2 released (mitigating CVE-2019-10164)
Posted by: Nick Anderson
3.12.2 and 3.14.0. This release addresses CVE-2019-10164.
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are
vulnerable to a stack-based buffer overflow. Any authenticated user can overflow
a stack-based buffer by changing the user’s own password to a purpose-crafted
value. This often suffices to execute arbitrary code as the PostgreSQL operating
CFEngine Enterprise LTS versions 3.12.0, 3.12.1, 3.12.2-1, 3.12.2-2, and non-LTS
version 3.14.0 vendor PostgreSQL versions affected by this vulnerability. In the
default configuration as access to
local users must be achieved first.
The replacement hub packages can be found on the downloads page.
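An added example, not code from this post or from CFEngine: a Python triage helper that applies the version ranges stated above to an inventory of hubs and flags the ones that still need the replacement package. The inventory entries and function names are constructed for illustration, and treating a hub version reported without a build suffix as the original build is an assumption.

```python
import re

# PostgreSQL ranges from the advisory: 10.x before 10.9, 11.x before 11.4.
PG_FIRST_FIXED_MINOR = {10: 9, 11: 4}
# Hub releases the advisory lists as affected in every build.
HUB_AFFECTED_ANY_BUILD = {(3, 12, 0), (3, 12, 1)}
# First fixed package build per release, taken from the post title.
HUB_FIRST_FIXED_BUILD = {(3, 12, 2): 3, (3, 14, 0): 2}

def postgres_affected(banner):
    """True/False for a psql or SELECT version() banner; None if unparseable."""
    m = re.search(r"PostgreSQL\)?\s+(\d+)\.(\d+)", banner)
    if not m:
        return None
    major, minor = int(m.group(1)), int(m.group(2))
    return major in PG_FIRST_FIXED_MINOR and minor < PG_FIRST_FIXED_MINOR[major]

def hub_affected(version):
    """True/False for a hub package version; None if the advisory does not cover it."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:-(\d+))?\s*", version)
    if not m:
        return None
    release = tuple(int(x) for x in m.group(1, 2, 3))
    if release in HUB_AFFECTED_ANY_BUILD:
        return True
    if release in HUB_FIRST_FIXED_BUILD:
        # Assumption: a version reported without a build suffix is the original build.
        build = int(m.group(4)) if m.group(4) else 1
        return build < HUB_FIRST_FIXED_BUILD[release]
    return None

def triage(inventory):
    """Return (host, action) for hubs needing the replacement package or a manual check."""
    findings = []
    for host, hub_version, pg_banner in inventory:
        hub, pg = hub_affected(hub_version), postgres_affected(pg_banner)
        if hub or pg:
            findings.append((host, "upgrade"))
        elif hub is None and pg is None:
            findings.append((host, "check manually"))
    return findings

# Constructed sample inventory: (host, hub package version, PostgreSQL banner).
SAMPLE = [
    ("hub-a", "3.12.2-2", "psql (PostgreSQL) 10.8"),
    ("hub-b", "3.12.2-3", "psql (PostgreSQL) 10.9"),
    ("hub-c", "3.14.0", "PostgreSQL 11.3 on x86_64-pc-linux-gnu"),
    ("hub-d", "3.10.5", "not installed"),
]
```

Calling `triage(SAMPLE)` flags hub-a and hub-c for upgrade and hub-d for a manual check, because neither its hub version nor its PostgreSQL banner can be classified from the advisory.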
If you have any questions about this, please email firstname.lastname@example.org.