Design/Logic Flaw
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...
CVE-2023-5870
Summary (CVE-2023-5870) : PostgreSQL vulnerability where the pg_cancel_backend role can signal background workers (including the autovacuum launcher and logical replication launcher). The underlying issue is that signaling is possible for non-core extensions with less-resilient background workers...
Security Bulletin: A vulnerability in cryptography-3.3.2-cp36-abi3-manylinux2010_x86_64.whl affects Data Replication on Cloud Pak for Data
Summary A vulnerability in cryptography-3.3.2-cp36-abi3-manylinux2010_x86_64.whl has been addressed. Vulnerability Details CVEID:CVE-2023-0286 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a type confusion error related to X.400 address processing inside an X.509 GeneralName...
Security Bulletin: A vulnerability in github.com/golang/text/language-v0.3.0 affects Data Replication on Cloud Pak for Data
Summary A vulnerability in the package github.com/golang/text/language-v0.3.0 has been addressed. Vulnerability Details CVEID:CVE-2022-32149 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation by the golang.org/x/text/language package. By sending a...
postgresql: Role pg_signal_backend can signal certain superuser processes.
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...
Release Information for Veeam Backup & Replication 12.1 and Updates
This update was superseded by Veeam Backup & Replication 12.3. Release Information 12.1.2.172 2024-05-21 Security Vulnerabilities Indicated severity values are CVSS 3.1 scores. Veeam Backup Enterprise Manager (VBEM) CVE-2024-29849 | Severity: Critical 9.8 This vulnerability in VBEM allows an...
How to Configure Advanced Syslog Integration Options
Purpose This article documents advanced configuration options for syslog integration with Veeam Backup & Replication, a new feature starting in version 12.1. Solution The following advanced configuration options are available: Add BOM Before MSG Field Add the Unicode byte order mask (BOM) before th...
MGASA-2023-0327 Updated mariadb packages fix a security vulnerability
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. Additionally, a whole bunch of fixes to InnoDB, Replication, Optimizer, Galera, Spider, Backup,... have been applied. See the official release not...
Updated mariadb packages fix a security vulnerability
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. Additionally, a whole bunch of fixes to InnoDB, Replication, Optimizer, Galera, Spider, Backup,... have been applied. See the official release not...
Fedora: Security Advisory for galera (FEDORA-2023-7fe02ec473)
The remote host is missing an update for the...
[SECURITY] Fedora 37 Update: galera-26.4.16-1.fc37
Galera is a fast synchronous multimaster wsrep provider replication engine for transactional databases and similar applications. For more information about wsrep API see https://github.com/codership/wsrep-API repository. For a description of Galera replication engine see...
[SECURITY] Fedora 38 Update: galera-26.4.16-1.fc38
Galera is a fast synchronous multimaster wsrep provider replication engine for transactional databases and similar applications. For more information about wsrep API see https://github.com/codership/wsrep-API repository. For a description of Galera replication engine see...
[SECURITY] Fedora 39 Update: galera-26.4.16-1.fc39
Galera is a fast synchronous multimaster wsrep provider replication engine for transactional databases and similar applications. For more information about wsrep API see https://github.com/codership/wsrep-API repository. For a description of Galera replication engine see...
CVE-2023-5870
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...
The vulnerability of the replication function of Docker, a tool for automating the deployment and management of applications in containerized environments, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the replication function of Docker’s containerization and application deployment/management tools is related to improper storage of permissions. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service failures...
postgresql-server -- Role pg_cancel_backend can signal certain superuser processes
PostgreSQL Project reports: Documentation says the pg_cancel_backend role cannot signal "a backend owned by a superuser". On the contrary, it can signal background workers, including the logical replication launcher. It can signal autovacuum workers and the autovacuum launcher. Signaling autovacuum...
Security Bulletin: Data Replication on Cloud Pak for Data vulnerable to Apache James MIME4J vulnerability
Summary A vulnerability in Apache James MIME4J is addressed. Vulnerability Details CVEID:CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. By sending a...
Security Bulletin: A systemd vulnerability affects Data Replication on Cloud Pak for Data (CVE-2022-4415)
Summary This bulletin covers a vulnerability finding in the systemd package used with this product. Vulnerability Details CVEID:CVE-2022-4415 DESCRIPTION: systemd could allow a local authenticated attacker to obtain sensitive information, caused by not respecting fs.suid_dumpable kernel setting in...
Security Bulletin: A vulnerability in Node.js http-cache-semantics package affects Data Replication on Cloud Pak for Data
Summary A vulnerability in Node.js http-cache-semantics package used in Data Replication on Cloud Pak for Data was addressed. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of...