CVE-2024-10979 affecting package postgresql for versions less than 16.5-1
CVE-2024-10979 affecting package postgresql for versions less than 16.5-1. An upgraded version of the package is available that resolves this issue...
Security update for postgresql, postgresql16, postgresql17
This update for postgresql, postgresql16, postgresql17 fixes the following issues: This update ships postgresql17, and fixes security issues with postgresql16: bsc1230423: Relax the dependency of extensions on the server version from exact major.minor to greater or equal, after Tom Lane confirme...
SUSE-SU-2024:4052-1 Security update for postgresql, postgresql16, postgresql17
This update for postgresql, postgresql16, postgresql17 fixes the following issues: This update ships postgresql17, and fixes security issues with postgresql16: - bsc1230423: Relax the dependency of extensions on the server version from exact major.minor to greater or equal, after Tom Lane...
PostgreSQL libpq retains an error message from man-in-the-middle
...
PostgreSQL row security below e.g. subqueries disregards user ID changes
...
PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
...
Postgresql: role pg_signal_backend can signal certain superuser processes.
...
Astra Linux – Vulnerability in PostgresSQL-15
Incorrect privilege assignments in PostgreSQL allow a less-privileged application user to view or modify rows that were not intended for them. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or equivalent features. The problem arises when an application query uses...
Astra Linux – Vulnerability in PostgresSQL-15
The use of server error messages by clients in PostgreSQL allows a server that is not trusted under current SSL or GSS settings to send arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message claiming that a human user or someone...
Astra Linux – Vulnerability in PostgresSQL-15
Incorrect control of environment variables in PostgreSQL PL/Perl allows a non-privileged database user to modify sensitive process environment variables, e.g., PATH. This is often sufficient to enable arbitrary code execution, even if the attacker does not have a role as a database server operating...
Astra Linux – Vulnerability in PostgresSQL-15
The Time-of-Check Time-of-Use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions while the user running pg_dump is a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for...
Astra Linux – Vulnerability in PostgresSQL-15
Lack of authorization in PostgreSQL’s built-in views, pg_stats_ext and pg_stats_ext_exprs, allows a non-privileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. These common values may reveal column values that the eavesdropper would...
Astra Linux – Vulnerability in PostgresSQL-15
Incomplete tracking of tables with row security in PostgreSQL allows a reused query to view or modify different rows than intended. CVE-2023-2455 and CVE-2016-2193 addressed most issues related to interactions between row security and changes to user IDs. However, they did not cover cases where a...
CBL Mariner 2.0 Security Update: postgresql (CVE-2024-10977)
The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10977 advisory. - Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS...
CBL Mariner 2.0 Security Update: postgresql (CVE-2024-10976)
The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10976 advisory. - Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...
CBL Mariner 2.0 Security Update: postgresql (CVE-2024-10978)
The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10978 advisory. - Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change...
CBL Mariner 2.0 Security Update: postgresql (CVE-2023-5870)
The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5870 advisory. - A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers,...
CVE-2023-5870 affecting package postgresql for versions less than 14.14-1
CVE-2023-5870 affecting package postgresql for versions less than 14.14-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-10979 affecting package postgresql for versions less than 14.14-1
CVE-2024-10979 affecting package postgresql for versions less than 14.14-1. A patched version of the package is available...
CVE-2024-10976 affecting package postgresql for versions less than 14.14-1
CVE-2024-10976 affecting package postgresql for versions less than 14.14-1. An upgraded version of the package is available that resolves this issue...