
13238 matches found

RedHat Linux
added 2023/11/14 3:25 p.m., 4 views

postgresql: Client memory disclosure when connecting with Kerberos to modified server

A flaw was found in PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes...

CVSS: 3.7, AI score: 6.8, EPSS: 0.00616
Exploits: 0, References: 4

RedHat Linux
added 2023/11/14 3:25 p.m., 376 views

Low: Red Hat Security Advisory: libpq security update

An update for libpq is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS: 3.7, AI score: 6.6, EPSS: 0.00616
Exploits: 0, References: 3

OSV
added 2023/11/14 8:34 a.m., 5 views

SUSE-SU-2023:4434-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: Security issues fixed: CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT 'any' aggregate functions. This error led to a text-type value being interpreted as an unknown-type value that is, a zero-terminated string at runtime...

CVSS: 8.8, AI score: 7.4, EPSS: 0.04322
Exploits: 0, References: 9

Debian
added 2023/11/14 8:34 a.m., 28 views

[SECURITY] [DLA 3651-1] postgresql-11 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3651-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 14, 2023 https://wiki.debian.org/LTS -...

CVSS: 8.8, AI score: 8.6, EPSS: 0.04322
Exploits: 0

OSV
added 2023/11/14 8:34 a.m., 6 views

SUSE-SU-2023:4433-1 Security update for postgresql12

This update for postgresql12 fixes the following issues: Security issues fixed: CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT 'any' aggregate functions. This error led to a text-type value being interpreted as an unknown-type value that is, a zero-terminated string at runtime...

CVSS: 8.8, AI score: 7.4, EPSS: 0.04322
Exploits: 0, References: 9

BDU FSTEC
added 2023/11/14 12:0 a.m., 4 views

Vulnerability of the array_append, array_prepend, and array_subscript_handler functions in the PostgreSQL database management system, related to integer overflow during array modifications, allowing attackers to execute arbitrary code.

The vulnerability of the array_append, array_prepend, and array_subscript_handler functions in the PostgreSQL database management system is related to integer overflow during array modification. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVSS: 9, AI score: 7.8, EPSS: 0.04322
Exploits: 0, References: 22, Affected Software: 12

Tenable Nessus
added 2023/11/14 12:0 a.m., 40 views

RHEL 8 : libpq (RHSA-2023:7016)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7016 advisory. The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql:...

CVSS: 3.7, AI score: 6.5, EPSS: 0.00616
Exploits: 0, References: 6

Tenable Nessus
added 2023/11/14 12:0 a.m., 23 views

SUSE SLES12 Security Update : postgresql, postgresql15, postgresql16 (SUSE-SU-2023:4425-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4425-1 advisory. - PostgreSQL Project reports: Certain aggregate function calls receiving unknown-type arguments could disclose bytes of server memo...

CVSS: 8.8, AI score: 7.5, EPSS: 0.04322
Exploits: 0, References: 16

Tenable Nessus
added 2023/11/14 12:0 a.m., 23 views

Debian DSA-5553-1 : postgresql-15 - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5553 advisory. Several vulnerabilities have been discovered in the PostgreSQL database system. CVE-2023-5868 Jingzhou Fu discovered a memory disclosure flaw in aggregate functio...

CVSS: 8.8, AI score: 7.1, EPSS: 0.04322
Exploits: 0, References: 13

Tenable Nessus
added 2023/11/14 12:0 a.m., 30 views

Debian DSA-5554-1 : postgresql-13 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5554 advisory. Several vulnerabilities have been discovered in the PostgreSQL database system. CVE-2023-5868 Jingzhou Fu discovered a memory disclosure flaw in aggregate functio...

CVSS: 8.8, AI score: 7.1, EPSS: 0.04322
Exploits: 0, References: 11

AlmaLinux
added 2023/11/14 12:0 a.m., 37 views

Moderate: python27:2.7 security and bug fix update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

CVSS: 6.1, AI score: 6.9, EPSS: 0.02782
Exploits: 1, References: 4

AlmaLinux
added 2023/11/14 12:0 a.m., 38 views

Low: libpq security update

The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql: Client memory disclosure when connecting with Kerberos to modified server CVE-2022-41862 For more details about the security issues, including the...

CVSS: 3.7, AI score: 6.8, EPSS: 0.00616
Exploits: 0, References: 4

Tenable Nessus
added 2023/11/14 12:0 a.m., 29 views

Debian dla-3651 : libecpg-compat3 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3651 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3651-1 [email protected]...

CVSS: 8.8, AI score: 6.6, EPSS: 0.04322
Exploits: 0, References: 8

OpenVAS
added 2023/11/14 12:0 a.m., 18 views

Debian: Security Advisory (DLA-3651-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 8.8, AI score: 6.8, EPSS: 0.04322
Exploits: 0, References: 4

Tenable Nessus
added 2023/11/14 12:0 a.m., 27 views

SUSE SLES12 Security Update : postgresql14 (SUSE-SU-2023:4418-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4418-1 advisory. - PostgreSQL Project reports: Certain aggregate function calls receiving unknown-type arguments could disclose bytes of server memo...

CVSS: 8.8, AI score: 7.5, EPSS: 0.04322
Exploits: 0, References: 12

OpenVAS
added 2023/11/14 12:0 a.m., 17 views

SUSE: Security Advisory (SUSE-SU-2023:4425-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 8.8, AI score: 6.4, EPSS: 0.04322
Exploits: 0, References: 16

OSV
added 2023/11/14 12:0 a.m., 36 views

DLA-3651-1 postgresql-11 - security update

Bulletin has no description...

CVSS: 8.8, AI score: 7, EPSS: 0.04322
Exploits: 0

OSV
added 2023/11/14 12:0 a.m., 33 views

ALSA-2023:7042 Moderate: python27:2.7 security and bug fix update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

CVSS: 6.1, AI score: 6.8, EPSS: 0.02782
Exploits: 1, References: 4

OSV
added 2023/11/14 12:0 a.m., 32 views

ALSA-2023:7016 Low: libpq security update

The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql: Client memory disclosure when connecting with Kerberos to modified server CVE-2022-41862 For more details about the security issues, including the...

CVSS: 3.7, AI score: 5.7, EPSS: 0.00616
Exploits: 0, References: 4

Debian
added 2023/11/13 9:27 p.m., 38 views

[SECURITY] [DSA 5554-1] postgresql-13 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5554-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 13, 2023 https://www.debian.org/security/faq -...

CVSS: 8.8, AI score: 8.8, EPSS: 0.04322
Exploits: 0