postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code

A flaw was found in PostgreSQL PL/Perl. This vulnerability allows an unprivileged database user to change sensitive process environment variables e.g., PATH via incorrect control of environment variables...

Important: Red Hat Security Advisory: postgresql security update

An update for postgresql is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

RHEL 9 : postgresql:16 (RHSA-2024:10593)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10593 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL PL/Perl environment variable...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : PostgreSQL vulnerabilities (USN-7132-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7132-1 advisory. It was discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this...

RHEL 8 : postgresql:13 (RHSA-2024:10677)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10677 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL PL/Perl environment variable...

RHEL 8 : postgresql:12 (RHSA-2024:10705)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10705 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL PL/Perl environment variable...

RHEL 9 : postgresql (RHSA-2024:10595)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10595 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL PL/Perl environment variable...

Security update for postgresql13

This update for postgresql13 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

Security update for postgresql15

This update for postgresql15 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

SUSE-SU-2024:4098-1 Security update for postgresql15

This update for postgresql15 fixes the following issues: - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. - CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol...

Security update for postgresql12

This update for postgresql12 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

Security update for postgresql14

This update for postgresql14 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

Security update for postgresql15

This update for postgresql15 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

A Bootiful Podcast: PostgreSQL contributor Dave Cramer

Hi, Spring fans! Happy Thanksgiving to my American listeners! and happy Thursday to the everyone! In today's episode I talk to PostgreSQL and PostgreSQL JDBC contributor Dave Cramer. postgresql jdbc sql java...

Mageia: Security Advisory (MGASA-2024-0372)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2024-0372 Updated postgresql15 & postgresql13 packages fix security vulnerabilities

PostgreSQL row security below e.g. subqueries disregards user ID changes. CVE-2024-10976 PostgreSQL libpq retains an error message from man-in-the-middle. CVE-2024-10977 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID. CVE-2024-10978 PostgreSQL PL/Perl environment variable...

Updated postgresql15 & postgresql13 packages fix security vulnerabilities

PostgreSQL row security below e.g. subqueries disregards user ID changes. CVE-2024-10976 PostgreSQL libpq retains an error message from man-in-the-middle. CVE-2024-10977 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID. CVE-2024-10978 PostgreSQL PL/Perl environment variable...

Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Analytics Content Hub. Additionally, IBM Analytics Content Hub is vulnerable to Buffer Overflow, Server Side Request Forgery SSRF and Improper Error Handling vulnerabilities. Please refer to the tabl...

openSUSE Security Advisory (SUSE-SU-2024:4063-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for postgresql, postgresql16, postgresql17

This update for postgresql, postgresql16, postgresql17 fixes the following issues: This update ships postgresql17 , and fixes security issues with postgresql16: bsc1230423: Relax the dependency of extensions on the server version from exact major.minor to greater or equal, after Tom Lane confirme...