12970 matches found
[SECURITY] Fedora 43 Update: pgbouncer-1.25.2-1.fc43
pgbouncer is a lightweight connection pooler for PostgreSQL and uses libevent for low-level socket handling...
[SECURITY] Fedora 44 Update: pgbouncer-1.25.2-1.fc44
pgbouncer is a lightweight connection pooler for PostgreSQL and uses libevent for low-level socket handling...
OPENSUSE-SU-2026:10808-1 postgresql16-16.14-1.1 on GA media
These are all security issues fixed in the postgresql16-16.14-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10807-1 postgresql15-15.18-1.1 on GA media
These are all security issues fixed in the postgresql15-15.18-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10809-1 postgresql17-17.10-1.1 on GA media
These are all security issues fixed in the postgresql17-17.10-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10806-1 postgresql14-14.23-1.1 on GA media
These are all security issues fixed in the postgresql14-14.23-1.1 package on the GA media of openSUSE Tumbleweed...
PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion
...
PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
...
PostgreSQL refint allows stack buffer overflow and SQL injection
...
PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege
...
PostgreSQL timeofday() can disclose portions of server memory
...
PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice
...
PostgreSQL REFRESH PUBLICATION allows SQL injection via table name
...
PostgreSQL server undersizes allocations, via integer wraparound
...
PostgreSQL discloses MD5-hashed passwords via covert timing channel
...
CVE-2026-41889
A flaw was found in pgx, a PostgreSQL driver and toolkit for Go. This SQL injection vulnerability can occur when using the non-default simple protocol, a dollar-quoted string literal in the SQL query, and when that string literal contains text interpreted as a placeholder with an...
CVE-2026-7373
Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM-level control of a Windows host. When started, the metasploitPostgreSQL service would start the postgres.exe child process, which would in turn load an OpenSSL configuration file from a stat...
EUVD-2026-30498
Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM-level control of a Windows host. Upon startup of the metasploitPostgreSQL service, the subsequent postgres.exe service attempts to load an OpenSSL configuration file from a non-existent directo...
CVE-2026-7373 Metasploit Pro on Windows: Local Privilege Escalation via OpenSSL Configuration File Loading
Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM-level control of a Windows host. When started, the metasploitPostgreSQL service would start the postgres.exe child process, which would in turn load an OpenSSL configuration file from a stat...
Rapid7 Metasploit Pro Access Control Error Vulnerability
Rapid7 Metasploit Pro is penetration testing software developed by Rapid7, Inc. Rapid7 Metasploit Pro has an access control vulnerability. This vulnerability arises from the Metasploit PostgreSQL service attempting to load OpenSSL configuration files from a non-existent directory that is writabl...