CVE-2024-0985

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...

Rocky Linux 8 : postgresql:10 (RLSA-2022:4805)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4805 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The...

Rocky Linux 8 : postgresql:12 (RLSA-2022:4807)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4807 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The...

Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2023-002)

The version of postgresql installed on the remote host is prior to 14.3-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2023-002 advisory. A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is...

Amazon Linux 2 : postgresql (ALASPOSTGRESQL11-2023-002)

The version of postgresql installed on the remote host is prior to 11.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL11-2023-002 advisory. A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is...

CVE-2022-1552 : Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

Security Bulletin: Vulnerability in PostgreSQL may affect IBM Elastic Storage System

Summary PostgreSQL could allow a remote attacker to gain unauthorized access to the system which may affect IBM Elastic Storage System. Vulnerability Details CVEID:CVE-2022-1552 DESCRIPTION: PostgreSQL remote authenticated attacker to bypass security restrictions, caused by an issue with not...

Amazon Linux 2022 : postgresql14, postgresql14-contrib, postgresql14-llvmjit (ALAS2022-2022-124)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-124 advisory. A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH...

Design/Logic Flaw

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

AlmaLinux 8 : postgresql:10 (ALSA-2022:4805)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:4805 advisory. postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox CVE-2022-1552 Tenable has extracted the preceding description block directly...

AlmaLinux 8 : postgresql:12 (ALSA-2022:4807)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:4807 advisory. postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox CVE-2022-1552 Tenable has extracted the preceding description block directly...

SUSE SLED15 / SLES15 Security Update : postgresql14 (SUSE-SU-2022:1908-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1908-1 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is...

ROS-20220530-02

Vulnerabilities in the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck components of the PostgreSQL database management system are related to a maintenance error in one component. pgamcheck components of PostgreSQL database management system are related to...

SUSE SLES12 Security Update : postgresql14 (SUSE-SU-2022:1874-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1874-1 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another...

Debian DLA-2478-1 : postgresql-9.6 security update

Several vulnerabilities have been found in the PostgreSQL database system. CVE-2020-25694 Peter Eisentraut found that database reconnections may drop options from the original connection, such as encryption, which could lead to information disclosure or a man-in-the-middle attack. CVE-2020-25695...

[SECURITY] [DLA 2478-1] postgresql-9.6 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2478-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 02, 2020 https://wiki.debian.org/LTS -...

Debian DLA-2331-1 : posgresql-9.6 security update

Andres Freund found an issue in the PostgreSQL database system where an uncontrolled search path could allow users to run arbitrary SQL functions with elevated priviledges when a superuser runs certain CREATE EXTENSION' statements. For Debian 9 stretch, this problem has been fixed in version...