13198 matches found
Moderate: postgresql-jdbc security update
PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file...
Moderate: python27:2.7 security update
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...
ALSA-2023:2860 Moderate: python27:2.7 security update
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...
RHEL 8 : postgresql-jdbc (RHSA-2023:2867)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:2867 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs ...
FreeBSD : postgresql-server -- Row security policies disregard user ID changes after inlining (4b636f50-f011-11ed-bbae-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4b636f50-f011-11ed-bbae-6cc21735f730 advisory. - Row security policies disregard user ID changes after inlining (CVE-2023-2455). Note that...
SUSE SLES12 Security Update : postgresql12 (SUSE-SU-2023:2200-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2200-1 advisory. - schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authe...
SUSE SLES12 Security Update : postgresql14 (SUSE-SU-2023:2202-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2202-1 advisory. - schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authe...
SUSE SLES12 Security Update : postgresql13 (SUSE-SU-2023:2201-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2201-1 advisory. - schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authe...
CentOS 8 : postgresql-jdbc (CESA-2023:2867)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:2867 advisory. - pgjdbc is an open source PostgreSQL JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setText(int, InputStream) or...
FreeBSD : postgresql-server -- CREATE SCHEMA ... schema elements defeats protective search_path changes (fbb5a260-f00f-11ed-bbae-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fbb5a260-f00f-11ed-bbae-6cc21735f730 advisory. - CREATE SCHEMA ... schema_element defeats protective search_path changes (CVE-2023-2454). Note...
Path traversal
Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3 Greenplum Database used unsafe methods to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to arbitrary file writes. An attacker can use this...
CVE-2023-31131 Arbitrary File Write when Extracting Tarballs in greenplum-db
Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3 Greenplum Database used unsafe methods to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to arbitrary file writes. An attacker can use this...
CVE-2023-31131
CVE-2023-31131 affects Greenplum Database (GPDB). The vulnerability arises from unsafe tar extraction within GPPKGs in versions prior to 6.22.3, enabling a path traversal that can lead to arbitrary file writes. An attacker could overwrite data or system files, potentially causing crashes or malfu...
Security Bulletin: IBM Cloud Pak for Network Automation v2.4.3 addresses multiple security vulnerabilities
Summary: IBM Cloud Pak for Network Automation v2.4.3 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details: CVEID: CVE-2022-1304 DESCRIPTION: e2fsprogs could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read/write...
SUSE-SU-2023:2207-1 Security update for postgresql15
This update for postgresql15 fixes the following issues: Updated to version 15.3: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that could...
SUSE-SU-2023:2206-1 Security update for postgresql15
This update for postgresql15 fixes the following issues: Updated to version 15.3: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that could...
SUSE-SU-2023:2205-1 Security update for postgresql14
This update for postgresql14 fixes the following issues: Updated to version 14.8: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that could...
SUSE-SU-2023:2202-1 Security update for postgresql14
This update for postgresql14 fixes the following issues: Updated to version 14.8: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that could...
SUSE-SU-2023:2200-1 Security update for postgresql12
This update for postgresql12 fixes the following issues: Updated to version 12.15: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that coul...