Lucene search

K
mageiaGentoo FoundationMGASA-2023-0324
HistoryNov 22, 2023 - 4:49 a.m.

Updated postgresql packages fix security vulnerabilities

2023-11-2204:49:25
Gentoo Foundation
advisories.mageia.org
19
postgresql
security
vulnerabilities
memory disclosure
buffer overrun
integer overflow
array modification
role
signal
superuser
unix

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

Low

EPSS

0.015

Percentile

87.0%

The updated packages fix security vulnerabilities: Memory disclosure in aggregate function calls. (CVE-2023-5868) Buffer overrun from integer overflow in array modification. (CVE-2023-5869) Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

Low

EPSS

0.015

Percentile

87.0%