
13311 matches found

OSV
added 2024/11/22 2:23 p.m. | 4 views

OESA-2024-2468 postgresql security update

PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

CVSS 8.8 | AI score 7.3 | EPSS 0.04422
Exploits: 1 | References: 5
OSV
added 2024/11/22 2:23 p.m. | 2 views

OESA-2024-2467 postgresql security update

PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

CVSS 8.8 | AI score 7.3 | EPSS 0.04422
Exploits: 1 | References: 5
OSV
added 2024/11/22 2:23 p.m. | 2 views

OESA-2024-2466 postgresql security update

PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

CVSS 8.8 | AI score 7.3 | EPSS 0.04422
Exploits: 1 | References: 5
OSV
added 2024/11/22 2:22 p.m. | 11 views

OESA-2024-2430 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

CVSS 8.8 | AI score 8.3 | EPSS 0.04422
Exploits: 1 | References: 6
OSV
added 2024/11/22 2:21 p.m. | 9 views

OESA-2024-2427 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

CVSS 8.8 | AI score 8.3 | EPSS 0.04422
Exploits: 1 | References: 6
Debian
added 2024/11/21 7:48 p.m. | 6 views

[SECURITY] [DLA 3954-2] postgresql-13 - regression update

Debian LTS Advisory DLA-3954-2 https://www.debian.org/lts/security/ Bastien Roucariès November 21, 2024 https://wiki.debian.org/LTS -...

CVSS 4.2 | AI score 8.9 | EPSS 0.00705
Exploits: 0
Debian
added 2024/11/21 7:23 p.m. | 5 views

[SECURITY] [DSA 5812-2] postgresql-15 regression update

Debian Security Advisory DSA-5812-2 https://www.debian.org/security/ Moritz Muehlenhoff November 21, 2024 https://www.debian.org/security/faq -...

AI score 6.9
Exploits: 0
OSV
added 2024/11/21 12:0 a.m. | 10 views

DSA-5812-2 postgresql-15 - regression update

Bulletin has no description...

AI score 7.2
Exploits: 0
OSV
added 2024/11/21 12:0 a.m. | 180 views

DLA-3954-2 postgresql-13 - regression update

Bulletin has no description...

AI score 6.9
Exploits: 0
ICS
added 2024/11/20 6:33 p.m. | 8 views

Versa Networks Versa Director insecure default PostgreSQL configuration

RISK EVALUATION Versa Networks Versa Director, by default, configures PostgreSQL to listen on all network interfaces using database credentials shared by multiple installations. From Advising Vulnerability In Versa Director: "This combination allows an unauthenticated attacker to access and...

CVSS 10 | AI score 7 | EPSS 0.00557
Exploits: 0 | References: 1
Tenable Nessus
added 2024/11/20 12:0 a.m. | 24 views

PostgreSQL 12.x < 12.21 / 13.x < 13.17 / 14.x < 14.14 / 15.x < 15.9 / 16.x < 16.5 / 17.x < 17.1 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 12 prior to 12.21, 13 prior to 13.17, 14 prior to 14.14, 15 prior to 15.9, 16 prior to 16.5, or 17 prior to 17.1. As such, it is potentially affected by multiple vulnerabilities : - Incorrect control of environment variables in PostgreSQL...

CVSS 8.8 | AI score 7.3 | EPSS 0.04422
Exploits: 1 | References: 5
NVD
added 2024/11/19 6:15 p.m. | 10 views

CVE-2024-42450

The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres t...

CVSS 10 | EPSS 0.00557
Exploits: 0 | References: 1
Cvelist
added 2024/11/19 5:21 p.m. | 23 views

CVE-2024-42450

The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres t...

CVSS 10 | EPSS 0.00557
Exploits: 0 | References: 1
Vulnrichment
added 2024/11/19 5:21 p.m. | 6 views

CVE-2024-42450

The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres t...

CVSS 10 | AI score 7.6 | EPSS 0.00557
Exploits: 0 | References: 1
CVE
added 2024/11/19 5:21 p.m. | 41 views

CVE-2024-42450

CVE-2024-42450 affects Versa Networks Versa Director, where the Postgres database is configured by default to listen on all network interfaces and uses a common password across installations, creating an unauthenticated access risk to the database and potential filesystem reads for privilege esca...

CVSS 10 | AI score 7.4 | EPSS 0.00557
Exploits: 0 | References: 1
Rockylinux
added 2024/11/19 4:2 p.m. | 6 views

postgresql bug fix and enhancement update

An update is available for postgresql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9...

AI score 6.8
Exploits: 0
OSV
added 2024/11/18 1:24 p.m. | 11 views

SUSE-SU-2024:4019-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter was updated from version 1.0.1 to 1.0.8: - Security issues fixed: CVE-2023-3978: Fixed security bug in x/net dependency in version 1.0.2 bsc1213933 - Bugs fixed: Require Go 1.20 when building for RedHat derivatives...

CVSS 6.1 | AI score 7.7 | EPSS 0.00843
Exploits: 0 | References: 21
RedhatCVE
added 2024/11/18 8:21 a.m. | 11 views

CVE-2024-10979

A flaw was found in PostgreSQL PL/Perl. This vulnerability allows an unprivileged database user to change sensitive process environment variables (e.g., PATH) via incorrect control of environment variables. Mitigation Currently the following options exist to help mitigate the impact of this...

CVSS 8.8 | AI score 6.3 | EPSS 0.04422
Exploits: 1 | References: 4
RedhatCVE
added 2024/11/18 8:20 a.m. | 9 views

CVE-2024-10977

A flaw was found in PostgreSQL's error message handling. This vulnerability allows a Man-in-the-middle attacker to inject arbitrary non-NUL bytes into the libpq application via a server error message. Mitigation Make sure PostgreSQL is configured to use trusted SSL or GSS settings to prevent...

CVSS 3.1 | AI score 6.4 | EPSS 0.0038
Exploits: 0 | References: 4
RedhatCVE
added 2024/11/18 8:20 a.m. | 8 views

CVE-2024-10976

A flaw was found in PostgreSQL. This vulnerability allows incorrect row-level security policies to be applied via subqueries, WITH queries, security invoker views, or SQL-language functions that reference tables with row-level security policies. This issue arises when a query is planned under one...

CVSS 4.2 | AI score 6.3 | EPSS 0.00786
Exploits: 0 | References: 4