MiracleLinux 8 : postgresql:12 (AXSA:2024-9121:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9121:01 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable...

MiracleLinux 7 : postgresql-9.2.24-9.0.2.el7.AXS7 (AXSA:2025-9551:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9551:01 advisory. CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables CVEs: CVE-2024-10979 Incorrect control of environment variables in PostgreSQ...

TencentOS Server 4: postgresql (TSSA-2024:0887)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0887 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Advisory ROSA-SA-2025-3010

software: postgresql14 14.19 WASP: ROSA-CHROME unaffected versions = postgresql14-14.19-1 affected versions postgresql14-14.19-1 CVE-ID: CVE-2024-10979 BDU-ID: 2024-09679 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PL/Perl environment variables of the PostgreSQL database management system is...

Advisory ROSA-SA-2025-2828

Software: postgresql14 14.16 OS: ROSA Virtualization 3.0 packageevrstring: postgresql14-14.16-1PGDG.rv30 CVE-ID: CVE-2024-10976 BDU-ID: 2024-09684 CVE-Crit: LOW CVE-DESC.: A vulnerability in the CREATE POLICY row-protected table security policy of the PostgreSQL database management system is...

Important: postgresql

Issue Overview: Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system...

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10979

Summary IBM Sterling Connect:Direct Web Service uses PostgreSQL, Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. Vulnerability Details CVEID:CVE-2024-10979 DESCRIPTION: Incorrect...

Photon OS 3.0: Postgresql13 PHSA-2024-3.0-0806

An update of the postgresql13 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0806. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 5.0: Postgresql15 PHSA-2024-5.0-0419

An update of the postgresql15 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0419. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 4.0: Postgresql13 PHSA-2024-4.0-0720

An update of the postgresql13 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0720. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 4.0: Postgresql14 PHSA-2024-4.0-0720

An update of the postgresql14 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0720. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 5.0: Postgresql14 PHSA-2024-5.0-0419

An update of the postgresql14 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0419. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 5.0: Postgresql13 PHSA-2024-5.0-0419

An update of the postgresql13 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0419. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

postgresql security update

9.2.24-9.0.3 - Fixes CVE-2024-10979 where environment variable mutations Orabug: 37370704 - are incorrectly allowed from trusted PL/Perl code...

Oracle Linux 7 : postgresql (ELSA-2024-10882)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-10882 advisory. - Fixes CVE-2024-10979 where environment variable mutations Orabug: 37370704 Tenable has extracted the preceding description block directly from the Oracle Lin...

RLSA-2024:10787 Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...

RLSA-2024:10788 Important: postgresql:16 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...

postgresql:13 security update

An update is available for pgaudit, postgresql, module.pgaudit, pgrepack, module.postgres-decoderbufs, module.pgrepack, postgres-decoderbufs, module.postgresql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RLSA-2024:10832 Important: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...

RockyLinux 8 : postgresql:16 (RLSA-2024:10831)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10831 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable...