13317 matches found
SUSE-SU-2024:4063-1 Security update for postgresql, postgresql16, postgresql17
This update for postgresql, postgresql16, postgresql17 fixes the following issues: This update ships postgresql17, and fixes security issues with postgresql16: - bsc1230423: Relax the dependency of extensions on the server version from exact major.minor to greater or equal, after Tom Lane...
PostgreSQL PL/Perl environment variable changes execute arbitrary code
...
The vulnerability of the Versa Director network infrastructure management software platform arises from the use of pre-installed credentials during configuration with PostgreSQL. This allows attackers to gain access to confidential data, escalate their privileges, and potentially execute arbitrary code.
The vulnerability of the Versa Director network infrastructure management software platform is related to the use of pre-installed credentials during configuration with PostgreSQL. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data, enhance their...
SUSE: Security Advisory (SUSE-SU-2024:4052-1)
The remote host is missing an update for the...
CVE-2024-10978 affecting package postgresql for versions less than 16.5-1
CVE-2024-10978 affecting package postgresql for versions less than 16.5-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-10979 affecting package postgresql for versions less than 16.5-1
CVE-2024-10979 affecting package postgresql for versions less than 16.5-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-10976 affecting package postgresql for versions less than 16.5-1
CVE-2024-10976 affecting package postgresql for versions less than 16.5-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-10977 affecting package postgresql for versions less than 16.5-1
CVE-2024-10977 affecting package postgresql for versions less than 16.5-1. An upgraded version of the package is available that resolves this issue...
Security update for postgresql, postgresql16, postgresql17
This update for postgresql, postgresql16, postgresql17 fixes the following issues: This update ships postgresql17, and fixes security issues with postgresql16: bsc1230423: Relax the dependency of extensions on the server version from exact major.minor to greater or equal, after Tom Lane confirme...
SUSE-SU-2024:4052-1 Security update for postgresql, postgresql16, postgresql17
This update for postgresql, postgresql16, postgresql17 fixes the following issues: This update ships postgresql17, and fixes security issues with postgresql16: - bsc1230423: Relax the dependency of extensions on the server version from exact major.minor to greater or equal, after Tom Lane...
PostgreSQL row security below e.g. subqueries disregards user ID changes
...
PostgreSQL libpq retains an error message from man-in-the-middle
...
PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
...
Postgresql: role pg_signal_backend can signal certain superuser processes.
...
Astra Linux – Vulnerability in PostgreSQL-15
The Time-of-Check Time-of-Use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions while the user running pg_dump is a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for...
Astra Linux – Vulnerability in PostgreSQL-15
Incorrect control of environment variables in PostgreSQL PL/Perl allows a non-privileged database user to modify sensitive process environment variables (e.g., PATH). This is often sufficient to enable arbitrary code execution, even if the attacker does not have a role as a database server operating...
Astra Linux – Vulnerability in PostgreSQL-15
Lack of authorization in PostgreSQL’s built-in views, pg_stats_ext and pg_stats_ext_exprs, allows a non-privileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. These common values may reveal column values that the eavesdropper would...
CBL Mariner 2.0 Security Update: postgresql (CVE-2023-5870)
The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5870 advisory. - A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers,...
CBL Mariner 2.0 Security Update: postgresql (CVE-2024-10978)
The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10978 advisory. - Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change...
CBL Mariner 2.0 Security Update: postgresql (CVE-2024-10977)
The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10977 advisory. - Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS...