27 matches found
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in postgresql 13.16-1.el9_4
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of postgresql 13.16-1.el94 Vulnerability Details CVEID:CVE-2023-39418 DESCRIPTION: A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined...
Advisory ROSA-SA-2024-2486
Software: postgresql15 15.7 OS: rosa-server79 packageevrstring: postgresql15-15.7-1PGDG.res7 CVE-ID: CVE-2023-39418 BDU-ID: 2023-04768 CVE-Crit: LOW CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to access delimitation flaws. Exploitation of the vulnerability...
Oracle Linux 9 : postgresql:15 (ELSA-2024-6020)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6020 advisory. - Fix CVE-2024-0985 - Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-39417, and CVE-2023-39418 - Fixes CVE-2023-2454 and CVE-2023-2455...
openSUSE: Security Advisory for postgresql15 (SUSE-SU-2023:3347-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
AlmaLinux 8 : postgresql:15 (ALSA-2023:7884)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:7884 advisory. postgresql: Buffer overrun from integer overflow in array modification CVE-2023-5869 postgresql: Memory disclosure in aggregate function calls CVE-2023-58...
Important: Red Hat Security Advisory: postgresql:15 security update
An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...
postgresql:15 security update
pgaudit 1.7.0-1 - Update to 1.7.0 - Support postgresql 15 - Related: 2128241 1.5.0-1 - Update to version 1.5.0 Related: 1855776 pgrepack 1.4.8-1 - Update to version 1.4.8 - Postgresql 15 is supported - Related: 2128241 1.4.6-4 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz1991688...
ALSA-2023:7884 Important: postgresql:15 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Buffer overrun from integer overflow in array modification CVE-2023-5869 postgresql: Memory disclosure in aggregate function calls CVE-2023-5868 postgresql: extension script @substitutions@...
RHEL 8 : postgresql:15 (RHSA-2023:7884)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7884 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Buffer overrun from integer overflo...
Important: postgresql:15 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Buffer overrun from integer overflow in array modification CVE-2023-5869 postgresql: Memory disclosure in aggregate function calls CVE-2023-5868 postgresql: extension script @substitutions@...
ALSA-2023:7785 Important: postgresql:15 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Buffer overrun from integer overflow in array modification CVE-2023-5869 postgresql: Memory disclosure in aggregate function calls CVE-2023-5868 postgresql: extension script @substitutions@...
[SECURITY] [DSA 5553-1] postgresql-15 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5553-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 13, 2023 https://www.debian.org/security/faq -...
MGASA-2023-0261 Updated postgresql packages fix security vulnerability
Extension script @substitutions@ within quoting allow SQL injection. CVE-2023-39417 MERGE fails to enforce UPDATE or SELECT row security policies. CVE-2023-39418...
Updated postgresql packages fix security vulnerability
Extension script @substitutions@ within quoting allow SQL injection. CVE-2023-39417 MERGE fails to enforce UPDATE or SELECT row security policies. CVE-2023-39418...
Mageia: Security Advisory (MGASA-2023-0261)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15: libecpg6 / libecpg6-32bit / libpq5 / libpq5-32bit / postgresql15 / etc (SUSE-SU-2023:3347-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3347-1 advisory. - Update to 15.4 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions...
SUSE: Security Advisory (SUSE-SU-2023:3342-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:3347-1 Security update for postgresql15
This update for postgresql15 fixes the following issues: - Update to 15.4 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions. bsc1214059 - CVE-2023-39418: Fix MERGE to enforce row security. bsc1214061...
USN-6296-1: PostgreSQL vulnerabilities
It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser. CVE-2023-39417 It was discovered that PostgreSQL incorrectly handled the MERGE...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : PostgreSQL vulnerabilities (USN-6296-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6296-1 advisory. It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREAT...