Jan 12, 2024 - 7:13 p.m.

postgresql security update

2024-01-12 19:13:08
CentOS Project
lists.centos.org
centos
postgresql
security fix
buffer overrun
cve
red hat
dbms

CVSS3: 8.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.2
Confidence: Low

EPSS: 0.015
Percentile: 86.7%

CentOS Errata and Security Advisory CESA-2023:7783

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

  • postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2024-January/099178.html

Affected packages:
postgresql
postgresql-contrib
postgresql-devel
postgresql-docs
postgresql-libs
postgresql-plperl
postgresql-plpython
postgresql-pltcl
postgresql-server
postgresql-static
postgresql-test
postgresql-upgrade

Upstream details at:
https://access.redhat.com/errata/RHSA-2023:7783
