Design/Logic Flaw
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...
CVE-2023-5870
Summary (CVE-2023-5870) : PostgreSQL vulnerability where the pg_cancel_backend role can signal background workers (including the autovacuum launcher and logical replication launcher). The underlying issue is that signaling is possible for non-core extensions with less-resilient background workers...
Security Bulletin: A vulnerability in cryptography-3.3.2-cp36-abi3-manylinux2010_x86_64.whl affects Data Replication on Cloud Pak for Data
Summary A vulnerability in cryptography-3.3.2-cp36-abi3-manylinux2010_x86_64.whl has been addressed. Vulnerability Details CVEID:CVE-2023-0286 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a type confusion error related to X.400 address processing inside an X.509 GeneralName...
Security Bulletin: A vulnerability in github.com/golang/text/language-v0.3.0 affects Data Replication on Cloud Pak for Data
Summary A vulnerability in the package github.com/golang/text/language-v0.3.0 has been addressed. Vulnerability Details CVEID:CVE-2022-32149 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation by the golang.org/x/text/language package. By sending a...
postgresql: Role pg_signal_backend can signal certain superuser processes.
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...
Release Information for Veeam Backup & Replication 12.1 and Updates
This update was superseded by Veeam Backup & Replication 12.3. Release Information 12.1.2.172 2024-05-21 Security Vulnerabilities Indicated severity values are CVSS 3.1 scores. Veeam Backup Enterprise Manager (VBEM) CVE-2024-29849 | Severity: Critical 9.8 This vulnerability in VBEM allows an...
How to Configure Advanced Syslog Integration Options
Purpose This article documents advanced configuration options for syslog integration with Veeam Backup & Replication, a new feature starting in version 12.1. Solution The following advanced configuration options are available: Add BOM Before MSG Field Add the Unicode byte order mask (BOM) before th...
MGASA-2023-0327 Updated mariadb packages fix a security vulnerability
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. Additionally a whole bunch of fixes to InnoDB, Replication, Optimizer, Galera, Spider, Backup,... have been applied. See the official release not...
Updated mariadb packages fix a security vulnerability
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. Additionally a whole bunch of fixes to InnoDB, Replication, Optimizer, Galera, Spider, Backup,... have been applied. See the official release not...
Fedora: Security Advisory for galera (FEDORA-2023-7fe02ec473)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] Fedora 37 Update: galera-26.4.16-1.fc37
Galera is a fast synchronous multimaster wsrep provider replication engine for transactional databases and similar applications. For more information about wsrep API see https://github.com/codership/wsrep-API repository. For a description of Galera replication engine see...
[SECURITY] Fedora 38 Update: galera-26.4.16-1.fc38
Galera is a fast synchronous multimaster wsrep provider replication engine for transactional databases and similar applications. For more information about wsrep API see https://github.com/codership/wsrep-API repository. For a description of Galera replication engine see...
[SECURITY] Fedora 39 Update: galera-26.4.16-1.fc39
Galera is a fast synchronous multimaster wsrep provider replication engine for transactional databases and similar applications. For more information about wsrep API see https://github.com/codership/wsrep-API repository. For a description of Galera replication engine see...
CVE-2023-5870
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...
postgresql-server -- Role pg_cancel_backend can signal certain superuser processes
PostgreSQL Project reports: Documentation says the pg_cancel_backend role cannot signal "a backend owned by a superuser". On the contrary, it can signal background workers, including the logical replication launcher. It can signal autovacuum workers and the autovacuum launcher. Signaling autovacuum...
Security Bulletin: Data Replication on Cloud Pak for Data vulnerable to Apache James MIME4J vulnerability
Summary A vulnerability in Apache James MIME4J is addressed. Vulnerability Details CVEID:CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. By sending a...
Security Bulletin: A systemd vulnerability affects Data Replication on Cloud Pak for Data (CVE-2022-4415)
Summary This bulletin covers a vulnerability finding in the systemd package used with this product. Vulnerability Details CVEID:CVE-2022-4415 DESCRIPTION: systemd could allow a local authenticated attacker to obtain sensitive information, caused by not respecting fs.suid_dumpable kernel setting in...
Security Bulletin: A vulnerability in Node.js http-cache-semantics package affects Data Replication on Cloud Pak for Data
Summary A vulnerability in Node.js http-cache-semantics package used in Data Replication on Cloud Pak for Data was addressed. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of...
PT-2023-6889 · Unknown +11 · Postgresql +10
Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified Description: The issue is related to the pg_signal_backend role in PostgreSQL, which allows signaling certain superuser processes. This can be exploited by a remote high-privileged user to launch a...