PT-2025-33269

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.6 PostgreSQL versions prior to 16.10 PostgreSQL versions prior to 15.14 PostgreSQL versions prior to 14.19 PostgreSQL versions prior to 13.22 Description: Improper neutralization of newlines in pg dump allows a...

PT-2025-33268

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.6 PostgreSQL versions prior to 16.10 PostgreSQL versions prior to 15.14 PostgreSQL versions prior to 14.19 PostgreSQL versions prior to 13.22 Description: The vulnerability relates to untrusted data inclusion...

SUSE SLES15 Security Update : postgresql16 (SUSE-SU-2025:01782-2)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:01782-2 advisory. Upgrade to 16.9: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation...

SUSE SLES15 Security Update : postgresql14 (SUSE-SU-2025:01786-2)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:01786-2 advisory. Upgrade to 14.18: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validatio...

BIT-LIBPHP-2025-1735 pgsql extension does not check for errors during escaping

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdopgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

BIT-LIBPHP-2022-31625 Freeing unallocated memory in php_pgsql_free_params()

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

SUSE-SU-2025:01786-2 Security update for postgresql14

This update for postgresql14 fixes the following issues: Upgrade to 14.18: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931...

Security update for postgresql14

This update for postgresql14 fixes the following issues: Upgrade to 14.18: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Patch Instructions: To install this SUSE update use the SUSE recommended...

Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgrade to 16.9: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/16.9/ Patch Instructions: To...

SUSE-SU-2025:01782-2 Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgrade to 16.9: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/16.9/...

Security Bulletin: IBM Event Processing is vulnerable to Improper Authentication

Summary IBM Event Processing's backend contains a version of JDBC driver that may allow unwanted connections. Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with...

Linux Distros Unpatched Vulnerability : CVE-2025-1735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdopgsql escaping functions do not check if the underlying quoting...

pgjdbc: pgjdbc insecure authentication in channel binding

A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...

pgsql extension does not check for errors during escaping

...

Linux Distros Unpatched Vulnerability : CVE-2025-49146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to require...

Advisory ROSA-SA-2025-2911

software: postgresql 12.22 WASP: ROSA-CHROME unaffected versions = postgresql-9.5.2 affected versions postgresql-9.5.2 CVE-ID: CVE-2016-2193 BDU-ID: 2016-00974 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to errors in security settings...

Advisory ROSA-SA-2025-2910

software: postgresql 12.22 WASP: ROSA-CHROME unaffected versions = postgresql-12.22-1 affected versions postgresql-12.22-1 CVE-ID: CVE-2023-2455 BDU-ID: 2023-03024 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Schema Handler component of the PostgreSQL database management system is related to...

CLSA-2025-1753982448 php: Fix of CVE-2025-1735

CVE-2025-1735: add error checking for pgsql extension escape functions, mainly to fix possible issues with multi-byte encoding of Postgres databases...

Security update 5.1.0 GM for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version update from 5.1.6-0 to 5.1.8-0 with the following key change: Update translation strings uyuni-tools: Version 5.1.14-0: Fix mgradm backup create handling of images and systemd files bsc1244563 migrate existing TLS certificates from 4.3...

CLSA-2025-1753953101 php: Fix of CVE-2025-1735

CVE-2025-1735: add error checking for pgsql extension escape functions, mainly to fix possible issues with multi-byte encoding of Postgres databases...