important: libpq/binutils security update
important
An update for libpq/binutils is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
libpq:
binutils:
Security Fix(es):
libpq: A vulnerability was found in PostgreSQL. A Race condition in pg_dump allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser.(CVE-2024-7348)
libpq: A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refresh of untrusted materialized views. The attack requires luring the victim, a superuser or member of one of the attacker's roles, into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view.(CVE-2024-0985)
libpq: A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.(CVE-2023-5869)
libpq: A flaw was found in PostgreSQL. Certain database calls could permit an attacker with elevated database-level privileges to execute arbitrary code.(CVE-2023-2454)
libpq: A flaw was found in PostgreSQL PL/Perl. This vulnerability allows an unprivileged database user to change sensitive process environment variables (e.g., PATH) via incorrect control of environment variables.(CVE-2024-10979)
libpq: bugfix
binutils: A vulnerability was found in GNU Binutils up to version 2.44 and affects the elf_gc_sweep function of the bfd/elflink.c file of the component ld. The manipulation leads to memory corruption and a program crash. An attacker must have local access to exploit this vulnerability. Upgrading to version 2.45 is advised to address this issue.(CVE-2025-5244)
binutils: A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.(CVE-2025-5245)
binutils: A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46".(CVE-2025-11082)
binutils: A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".(CVE-2025-11083)
binutils: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.05B5.