143 matches found
ALSA-2022:1891 Low: libpq security update
The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql: libpq processes unencrypted bytes from man-in-the-middle (CVE-2021-23222). For more details about the security issues, including the impact, a CVSS...
libpq security update
An update is available for libpq. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libpq package provides the PostgreSQL client library, which allows client...
Denial of Service (DoS)
Overview: libpq is a set of Node native bindings to the PostgreSQL libpq C client library. Affected versions of this package are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native ...
ALEA-2021:2421 libpq bug fix and enhancement update
The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. The following packages have been upgraded to a later upstream version: libpq 13.3. BZ1966205...
libpq bug fix and enhancement update
The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. The following packages have been upgraded to a later upstream version: libpq 13.3. BZ1966205...
Important: Red Hat Security Advisory: libpq security update
An update for libpq is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Important: libpq security update
The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. The following packages have been upgraded to a later upstream version: libpq 12.5. BZ1898228, BZ1901558 Security Fixes: postgresql: Reconnection can downgrade connection securi...
The vulnerability of the client component of the PostgreSQL database management system allows a hacker to execute a type of “man-in-the-middle” attack.
The vulnerability of the client component of the PostgreSQL database management system is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” type attack...
NewStart CGSL CORE 5.04 / MAIN 5.04 : postgresql Vulnerability (NS-SA-2019-0036)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has postgresql packages installed that are affected by a vulnerability: - A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If...
Debian DLA-1642-1 : postgresql-9.4 new minor release
The PostgreSQL project has released a new minor release of the 9.4 branch. For Debian 8 'Jessie', this has been uploaded as version 9.4.20-0+deb8u1. We recommend that you upgrade your postgresql-9.4 packages. NOTE: Tenable Network Security has extracted the preceding description block directly fro...
postgresql: Certain host connection parameters defeat client-side security defenses
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...
Amazon Linux AMI : postgresql96 (ALAS-2018-1119)
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...
postgresql: Certain host connection parameters defeat client-side security defenses
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...
USN-3744-1 postgresql-10, postgresql-9.3, postgresql-9.5 vulnerabilities
Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...
postgresql: libpq ignores PGREQUIRESSL environment variable
It was discovered that the PostgreSQL client library libpq did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a...
postgresql: libpq ignores PGREQUIRESSL environment variable
It was discovered that the PostgreSQL client library libpq did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a...
postgresql: libpq ignores PGREQUIRESSL environment variable
It was discovered that the PostgreSQL client library libpq did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a...
DBD::PgPP vulnerable to SQL injection
Overview: DBD::PgPP is a pure-Perl client interface for the PostgreSQL database. DBD::PgPP contains a SQL injection vulnerability. Toshiharu Sugiyama reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: If DBD::Pg...
FreeBSD Ports: postgresql-client
The remote host is missing an update to the system as announced in the referenced advisory. VID 174b8864-6237-11e1-be18-14dae938ec40. OpenVAS Vulnerability Test. Description: Auto generated from VID 174b8864-6237-11e1-be18-14dae938ec40. Authors: Thomas Reinke. Copyright: Copyright (c) 2012 E-Soft Inc...
FreeBSD Ports: postgresql-client
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...