AlmaLinux 9 : libpq (ALSA-2025:1738)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:1738 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...

postgresql:15 security update

pgaudit 1.7.0-1 - Initial import for postgresql 15 module - Update to 1.7.0 - Support postgresql 15 - Related: 2128410 pgrepack 1.4.8-2 - Add new build dependencies to fix build with lz4 enabled - Related: RHEL-47350 1.4.8-1 - Update to version 1.4.8 - Postgresql 15 is supported - Related: 212841...

Oracle Linux 8 : postgresql:13 (ELSA-2025-1736)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1736 advisory. pgaudit 1.5.0-1 - Update to version 1.5.0 Related: 1855776 pgrepack 1.4.6-3 - Release bump - enable gating postgres-decoderbufs 0.10.0-2 - Release bump for...

AlmaLinux 9 : postgresql (ALSA-2025:1742)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:1742 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...

Oracle Linux 8 : postgresql:16 (ELSA-2025-1740)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1740 advisory. pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3636 pgrepack 1.5.1-1 - Update to 1.5.1...

Oracle Linux 9 : postgresql:16 (ELSA-2025-1743)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1743 advisory. pgaudit pgrepack 1.5.1-1 - Update to v1.5.1 pgvector 0.6.2-1 - Initial packaging postgres-decoderbufs postgresql 16.8-1 - Update to 16.8 - Fix CVE-2025-1094...

PostgreSQL 13.x < 13.19 / 14.x < 14.16 / 15.x < 15.11 / 16.x < 16.7 / 17.x < 17.3 SQLi

The version of PostgreSQL installed on the remote host is 13 prior to 13.19, 14 prior to 14.16, 15 prior to 15.11, 16 prior to 16.7, or 17 prior to 17.3. As such, it is potentially affected by a vulnerability : - Improper neutralization of quoting syntax in PostgreSQL libpq functions...

Oracle Linux 8 : postgresql:15 (ELSA-2025-1739)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1739 advisory. pgaudit 1.7.0-1 - Update to 1.7.0 - Support postgresql 15 - Related: 2128241 pgrepack 1.4.8-1 - Update to version 1.4.8 - Postgresql 15 is supported - Related:...

AlmaLinux 9 : postgresql:15 (ALSA-2025:1741)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:1741 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...

Azure Linux 3.0 Security Update: postgresql (CVE-2025-1094)

The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1094 advisory. - Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral,...

CBL Mariner 2.0 Security Update: postgresql (CVE-2025-1094)

The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1094 advisory. - Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral,...

Oracle Linux 9 : postgresql:15 (ELSA-2025-1741)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1741 advisory. - Fixes: CVE-2024-10976 CVE-2024-10978 CVE-2024-10979 - Fix CVE-2024-0985 - Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-39417, and CVE-2023-3941...

postgresql:15 security update

pgaudit 1.7.0-1 - Update to 1.7.0 - Support postgresql 15 - Related: 2128241 pgrepack 1.4.8-1 - Update to version 1.4.8 - Postgresql 15 is supported - Related: 2128241 postgres-decoderbufs 1.9.7-1.Final - Iitial import for postgresql 15 stream - Related: 2128241 postgresql 15.12-1 - Update to 15....

postgresql:13 security update

pgaudit 1.5.0-1 - Update to version 1.5.0 Related: 1855776 pgrepack 1.4.6-3 - Release bump - enable gating postgres-decoderbufs 0.10.0-2 - Release bump for rebuild against libpq-12.1-3 postgresql 13.20-1 - Update to 13.20 - Fix CVE-2025-1094...

postgresql:16 security update

pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3636 pgrepack 1.5.1-1 - Update to 1.5.1 postgres-decoderbufs 2.4.0-1.Final - Initial import for postgresql 16 stream - Related: RHEL-3636 postgresql 16.8-1 - Update to 16.8 - Fix CVE-2025-10...

postgresql:16 security update

pgaudit pgrepack 1.5.1-1 - Update to v1.5.1 pgvector 0.6.2-1 - Initial packaging postgres-decoderbufs postgresql 16.8-1 - Update to 16.8 - Fix CVE-2025-1094...

Oracle Linux 9 : postgresql (ELSA-2025-1742)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1742 advisory. 13.18-1 - Update to 13.18 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not teste...

DLA-4052-2 postgresql-13 - regression update

Bulletin has no description...

CVE-2025-1094 affecting package postgresql for versions less than 14.16-1

CVE-2025-1094 affecting package postgresql for versions less than 14.16-1. An upgraded version of the package is available that resolves this issue...

postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...