Lucene search

K
redhatRedHatRHSA-2023:7656
HistoryDec 05, 2023 - 3:53 p.m.

(RHSA-2023:7656) Important: postgresql:12 security update

2023-12-0515:53:00
access.redhat.com
15
postgresql
security
update
cve
buffer overrun
memory disclosure
sql injection
role pg_signal_backend

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

Low

EPSS

0.017

Percentile

88.1%

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

  • postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

  • postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

  • postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

  • postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanys390xpostgresql-server-devel< 12.17-1.module+el8.8.0+20722+3bb5d7acpostgresql-server-devel-12.17-1.module+el8.8.0+20722+3bb5d7ac.s390x.rpm
RedHatanyx86_64postgresql-plpython3-debuginfo< 12.17-1.module+el8.8.0+20722+3bb5d7acpostgresql-plpython3-debuginfo-12.17-1.module+el8.8.0+20722+3bb5d7ac.x86_64.rpm
RedHatanyppc64lepostgresql-debuginfo< 12.17-1.module+el8.8.0+20722+3bb5d7acpostgresql-debuginfo-12.17-1.module+el8.8.0+20722+3bb5d7ac.ppc64le.rpm
RedHatanyppc64lepostgresql-plpython3< 12.17-1.module+el8.8.0+20722+3bb5d7acpostgresql-plpython3-12.17-1.module+el8.8.0+20722+3bb5d7ac.ppc64le.rpm
RedHatanyppc64lepostgresql-docs< 12.17-1.module+el8.8.0+20722+3bb5d7acpostgresql-docs-12.17-1.module+el8.8.0+20722+3bb5d7ac.ppc64le.rpm
RedHatanyaarch64postgresql-plperl-debuginfo< 12.17-1.module+el8.8.0+20722+3bb5d7acpostgresql-plperl-debuginfo-12.17-1.module+el8.8.0+20722+3bb5d7ac.aarch64.rpm
RedHatanyaarch64postgresql-contrib-debuginfo< 12.17-1.module+el8.8.0+20722+3bb5d7acpostgresql-contrib-debuginfo-12.17-1.module+el8.8.0+20722+3bb5d7ac.aarch64.rpm
RedHatanyx86_64postgresql-pltcl-debuginfo< 12.17-1.module+el8.8.0+20722+3bb5d7acpostgresql-pltcl-debuginfo-12.17-1.module+el8.8.0+20722+3bb5d7ac.x86_64.rpm
RedHatanyppc64lepostgresql-upgrade-devel< 12.17-1.module+el8.8.0+20722+3bb5d7acpostgresql-upgrade-devel-12.17-1.module+el8.8.0+20722+3bb5d7ac.ppc64le.rpm
RedHatanyx86_64pg_repack-debugsource< 1.4.6-3.module+el8.5.0+11354+78b3c9c5pg_repack-debugsource-1.4.6-3.module+el8.5.0+11354+78b3c9c5.x86_64.rpm
Rows per page:
1-10 of 1331

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

Low

EPSS

0.017

Percentile

88.1%