
13285 matches found

OSV
added 2025/07/22 8:42 a.m. | 4 views

SUSE-SU-2025:02463-1 Security update for php8

This update for php8 fixes the following issues: - CVE-2025-1220: Fixed null byte termination in hostnames bsc1246167 - CVE-2025-1735: Fixed pgsql extension does not check for errors during escaping bsc1246146 - CVE-2025-6491: Fixed NULL Pointer Dereference in PHP SOAP Extension via Large XML...

CVSS 7.5 | AI score 7.1 | EPSS 0.00953
Exploits: 2 | References: 7

OSV
added 2025/07/22 8:41 a.m. | 2 views

SUSE-SU-2025:02462-1 Security update for php8

This update for php8 fixes the following issues: Version update to 8.3.23: - CVE-2025-1220: Fixed null byte termination in hostnames bsc1246167 - CVE-2025-1735: Fixed pgsql extension does not check for errors during escaping bsc1246146 - CVE-2025-6491: Fixed NULL Pointer Dereference in PHP SOAP...

CVSS 7.5 | AI score 6.9 | EPSS 0.00953
Exploits: 2 | References: 7

Tenable Nessus
added 2025/07/22 12:0 a.m. | 3 views

SUSE SLES15 Security Update : postgresql17 (SUSE-SU-2025:01783-2)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01783-2 advisory. Upgrade to 17.5: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation...

CVSS 5.9 | AI score 6.7 | EPSS 0.00612
Exploits: 0 | References: 4

SUSE Linux
added 2025/07/21 7:31 p.m. | 7 views

Security update for postgresql17

This update for postgresql17 fixes the following issues: Upgrade to 17.5: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/17.5/ Patch Instructions: To...

CVSS 5.9 | AI score 7.2 | EPSS 0.00612
Exploits: 0 | References: 4

IBM Security Bulletins
added 2025/07/21 1:54 p.m. | 16 views

Security Bulletin: Multiple Vulnerabilities Affected for EDB

Summary Multiple Vulnerabilities Affected for EDB has been addressed for EDB PostgreSQL with IBM and EDB Postgres Advanced Server with IBM Vulnerability Details CVEID:CVE-2025-1094 DESCRIPTION: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral,...

CVSS 8.8 | AI score 8.3 | EPSS 0.89472
Exploits: 10 | Affected Software: 2

IBM Security Bulletins
added 2025/07/21 1:52 p.m. | 15 views

Security Bulletin: Multiple Vulnerabilities Affected for EDB

Summary Multiple Vulnerabilities Affected for EDB has been addressed for EDB PostgreSQL with IBM and EDB Postgres Advanced Server with IBM Vulnerability Details CVEID:CVE-2025-1094 DESCRIPTION: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral,...

CVSS 8.8 | AI score 8.3 | EPSS 0.89472
Exploits: 10 | Affected Software: 2

Veeam
added 2025/07/18 12:0 a.m. | 15 views

How to Install and Configure PgBouncer for Veeam Backup for Microsoft 365

PgBouncer must not be deployed on the machine where Veeam Backup for Microsoft 365 is installed. This article is intended only for deployments where the PostgreSQL Instance used by Veeam Backup for Microsoft 365 is hosted on its own dedicated server. For deployments of Veeam Backup for Microsoft...

AI score 7.2
Exploits: 0 | Affected Software: 1

OSV
added 2025/07/16 8:19 a.m. | 4 views

BIT-PHP-2025-1735 pgsql extension does not check for errors during escaping

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

CVSS 7.5 | AI score 9.4 | EPSS 0.00953
Exploits: 0 | References: 4

OSV
added 2025/07/13 11:15 p.m. | 1 view

DEBIAN-CVE-2025-1735

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

CVSS 7.5 | AI score 7.2 | EPSS 0.00953
Exploits: 0 | References: 1

OSV
added 2025/07/13 11:15 p.m. | 6 views

AZL-65124 CVE-2025-1735 affecting package php for versions less than 8.1.33-1

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

CVSS 7.5 | AI score 7.4 | EPSS 0.00953
Exploits: 0 | References: 1

OSV
added 2025/07/13 11:15 p.m. | 6 views

AZL-65121 CVE-2025-1735 affecting package php for versions less than 8.3.23-1

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

CVSS 7.5 | AI score 5.8 | EPSS 0.00953
Exploits: 0 | References: 1

OSV
added 2025/07/13 11:15 p.m. | 2 views

UBUNTU-CVE-2025-1735

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

CVSS 7.5 | AI score 7.3 | EPSS 0.00953
Exploits: 0 | References: 6

Debian CVE
added 2025/07/13 10:27 p.m. | 5 views

CVE-2025-1735

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

CVSS 7.5 | AI score 7.2 | EPSS 0.00953
Exploits: 0

CVE
added 2025/07/13 10:27 p.m. | 122 views

CVE-2025-1735

CVE-2025-1735 affects PHP pgsql and pdo_pgsql escaping functions across PHP 8.1–8.4 that do not check errors from underlying quoting functions, potentially causing crashes if the Postgres server rejects input. Affected: PHP 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.*. Roo...

CVSS 7.5 | AI score 9.4 | EPSS 0.00953
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2025/07/13 12:0 a.m. | 2 views

PHP Security Vulnerability

PHP is a server-side scripting language. A security vulnerability exists in PHP versions prior to 8.1.33, prior to 8.2.29, prior to 8.3.23, and prior to 8.4.10, which stems from a failure of the pgsql and pdo_pgsql escape functions to check if a referenced function is...

CVSS 7.5 | AI score 8 | EPSS 0.00953
Exploits: 0 | References: 2

Microsoft CVE
added 2025/07/11 7:0 a.m. | 4 views

PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation

...

CVSS 5.9 | AI score 7.7 | EPSS 0.00612
Exploits: 0

CNVD
added 2025/07/11 12:0 a.m. | 1 view

Endress+Hauser MEAC300-FNADE4 Information Disclosure Vulnerability

The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. The Endress+Hauser MEAC300-FNADE4 suffers from an information disclosure vulnerability that originates from local PostgreSQL database credentials stored in plaintext. An attacker...

CVSS 6.5 | AI score 6 | EPSS 0.00337
Exploits: 0 | References: 1

Tenable Nessus
added 2025/07/11 12:0 a.m. | 5 views

Azure Linux 3.0 Security Update: postgresql (CVE-2025-4207)

The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4207 advisory. - Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve...

CVSS 5.9 | AI score 6.6 | EPSS 0.00612
Exploits: 0 | References: 2

Tenable Nessus
added 2025/07/11 12:0 a.m. | 3 views

CBL Mariner 2.0 Security Update: postgresql (CVE-2025-4207)

The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4207 advisory. - Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve...

CVSS 5.9 | AI score 6.6 | EPSS 0.00612
Exploits: 0 | References: 2

CBLMariner
added 2025/07/10 3:9 p.m. | 4 views

CVE-2025-4207 affecting package postgresql for versions less than 16.9-1

CVE-2025-4207 affecting package postgresql for versions less than 16.9-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.9 | AI score 7.3 | EPSS 0.00612
Exploits: 0