13198 matches found
MGASA-2023-0064 Updated postgresql packages fix security vulnerability
Client memory disclosure when connecting, with Kerberos, to modified server. CVE-2022-41862...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-activerecord-5_1 (SUSE-SU-2023:0492-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0492-1 advisory. - A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter 7.0.4.1 and 6.1.7.1. When a value outside the range for a...
SUSE-SU-2023:0492-1 Security update for rubygem-activerecord-5_1
This update for rubygem-activerecord-5_1 fixes the following issues: - CVE-2022-44566: Fixed possible denial of service vulnerability in ActiveRecord's PostgreSQL adapter (bsc#1207450)...
Amazon Linux 2 : postgresql (ALAS-2023-1949)
The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1949 advisory. When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a...
SUSE-SU-2023:0479-1 Security update for postgresql12
This update for postgresql12 fixes the following issues: Update to 12.14: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). - Update to 12.13 (bsc#1205300)...
K48209417: PostgreSQL vulnerabilities CVE-2018-10915 and CVE-2018-10925
Security Advisory Description CVE-2018-10915 A vulnerability was found in libpq, the default PostgreSQL client library, where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrust...
K16976: PHP vulnerability CVE-2015-1352
Security Advisory Description The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service. CVE-2015-1352 Impact There is no impact; F5 products are...
K69124112: PostgreSQL JDBC vulnerability CVE-2022-21724
Security Advisory Description pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when an attacker controls the jdbc url or properties. pgjdbc...
K98201023: PostgreSQL vulnerability CVE-2018-16850
Security Advisory Description postgresql before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...
K34120074: PostgreSQL vulnerability CVE-2020-1720
Security Advisory Description A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to drop objects such as functions, triggers, et al., leading to...
K10224912: PostgreSQL vulnerability CVE-2019-10208
Security Advisory Description A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE...
K53632470: PostgreSQL vulnerabilities CVE-2020-25694, CVE-2020-25695
Security Advisory Description CVE-2020-25694 A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while droppi...
K23157312: PostgreSQL vulnerability CVE-2020-13692
Security Advisory Description PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. CVE-2020-13692 Impact F5 does not know of any specific F5 attack vectors; however, the threat could theoretically affect system availability and data confidentiality. Security Advisory Status F5 Product...
K72430453: PostgreSQL vulnerability CVE-2020-25696
Security Advisory Description A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute...
Moderate: Red Hat Security Advisory: Red Hat Integration Camel Extension For Quarkus 2.13.2-1 security update
Red Hat Integration Camel Extensions for Quarkus 2.13.2-1 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability...
postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions
A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setText(int, InputStream) and PreparedStatement.setBytea(int, InputStream). This could allow a user to create an unexpected file available to all users, which could end in unexpected...
Medium: postgresql
Issue Overview: When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and...
SUSE SLES15 Security Update : postgresql-jdbc (SUSE-SU-2023:0451-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0451-1 advisory. - pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setText(int, InputStream) or...
SUSE-SU-2023:0451-1 Security update for postgresql-jdbc
This update for postgresql-jdbc fixes the following issues: - CVE-2022-41946: Fixed a local information disclosure issue due to improper handling of temporary files (bsc#1206921)...
OPENSUSE-SU-2023:0053-1 Security update for timescaledb
This update for timescaledb fixes the following issues: timescaledb was updated to version 2.9.3 - https://github.com/timescale/timescaledb/releases/tag/2.9.3 - enable postgresql15 build - https://github.com/timescale/timescaledb/releases/tag/2.9.2 -...