
24 matches found

OSV
added 2026/03/20 2:50 p.m., 0 views

SUSE-SU-2026:20921-1 Security update for postgresql18

This update for postgresql18 fixes the following issues: - Update to version 18.3. bsc1258754 - CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector bsc1258008 - CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data type...

CVSS 8.8, AI score 6, EPSS 0.00059
Exploits: 3, References: 12

OSV
added 2026/03/20 2:50 p.m., 1 view

OPENSUSE-SU-2026:20408-1 Security update for postgresql18

This update for postgresql18 fixes the following issues: - Update to version 18.3. bsc1258754 - CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector bsc1258008 - CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data type...

CVSS 8.8, AI score 6, EPSS 0.00059
Exploits: 3, References: 11

OSV
added 2026/03/18 3:32 p.m., 0 views

SUSE-SU-2026:20906-1 Security update for postgresql17

This update for postgresql17 fixes the following issues: - Update to version 17.9. bsc1258754 - CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector bsc1258008 - CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data type...

CVSS 8.8, AI score 6.1, EPSS 0.00059
Exploits: 3, References: 10

OSV
added 2026/03/18 3:31 p.m., 0 views

OPENSUSE-SU-2026:20388-1 Security update for postgresql17

This update for postgresql17 fixes the following issues: - Update to version 17.9. bsc1258754 - CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector bsc1258008 - CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data type...

CVSS 8.8, AI score 6, EPSS 0.00059
Exploits: 3, References: 9

OSV
added 2026/03/10 4:41 p.m., 3 views

CLSA-2026-1773160910 postgresql: Fix of 3 CVEs

CVE-2026-2004: require superuser to install non-built-in selectivity estimators and harden intarray intmatchsel against wrong operator type - CVE-2026-2005: fix heap buffer overflow in pgcrypto PGP public-key decryption by validating session key length - CVE-2026-2006: fix multibyte character...

CVSS 8.8, AI score 6, EPSS 0.00059
Exploits: 3, References: 1

OpenVAS
added 2021/04/19 12:0 a.m., 20 views

SUSE: Security Advisory (SUSE-SU-2019:1687-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3, AI score 6.5, EPSS 0.00254
Exploits: 0, References: 4

RedHat Linux
added 2021/01/18 4:23 p.m., 3 views

postgresql: Selectivity estimators bypass row security policies

PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit thi...

CVSS 4.3, AI score 7.2, EPSS 0.00254
Exploits: 0, References: 5

RedHat Linux
added 2021/01/18 10:3 a.m., 3 views

postgresql: Selectivity estimators bypass row security policies

PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit thi...

CVSS 4.3, AI score 7.2, EPSS 0.00254
Exploits: 0, References: 5

RedHat Linux
added 2020/12/22 8:55 a.m., 2 views

postgresql: Selectivity estimators bypass row security policies

PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit thi...

CVSS 4.3, AI score 7.2, EPSS 0.00254
Exploits: 0, References: 5

Tenable Nessus
added 2020/12/22 12:0 a.m., 139 views

RHEL 8 : postgresql:9.6 (RHSA-2020:5661)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5661 advisory. PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream...

CVSS 8.8, AI score 7.3, EPSS 0.23757
Exploits: 0, References: 16

Veracode
added 2020/10/23 8:59 a.m., 22 views

Authorization Bypass

postgresql is vulnerable to authorization bypass. The selectivity estimators allow an attacker to bypass row security policies and view common values of certain columns...

CVSS 4.3, AI score 5.4, EPSS 0.00254
Exploits: 0, References: 6, Affected Software: 2

RedHat Linux
added 2020/10/21 1:8 p.m., 2 views

postgresql: Selectivity estimators bypass row security policies

PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit thi...

CVSS 4.3, AI score 7.2, EPSS 0.00254
Exploits: 0, References: 5

RedHat Linux
added 2020/03/26 12:30 p.m., 2 views

postgresql: Selectivity estimators bypass row security policies

PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit thi...

CVSS 4.3, AI score 7.2, EPSS 0.00254
Exploits: 0, References: 5

OPENSUSE Linux
added 2019/06/30 12:0 a.m., 38 views

Security update for postgresql96 (moderate)

openSUSE Security Update: Security update for postgresql96 Announcement ID: openSUSE-SU-2019:1668-1 Rating: moderate References: 1134689 Cross-References: CVE-2019-10130 Affected Products: openSUSE Leap 42.3 An update that fixes one vulnerability is now available. Description: This update for...

CVSS 4.3, AI score 6.5, EPSS 0.00254
Exploits: 0, References: 1

OSV
added 2019/05/13 12:3 p.m., 0 views

USN-3972-1 postgresql-10, postgresql-11, postgresql-9.5 vulnerabilities

It was discovered that PostgreSQL incorrectly handled partition routing. A remote user could possibly use this issue to read arbitrary bytes of server memory. This issue only affected Ubuntu 19.04. CVE-2019-10129 Dean Rasheed discovered that PostgreSQL incorrectly handled selectivity estimators. ...

CVSS 6.5, AI score 6.8, EPSS 0.00419
Exploits: 0, References: 3

PostgreSQL
added 2019/05/09 12:0 a.m., 82 views

Vulnerability in core server (CVE-2019-10130)

Selectivity estimators bypass row security policies PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user able to execute SQL queries with permissions to read a given column could...

CVSS 4.3, AI score 6.6, EPSS 0.00254
Exploits: 0, References: 1, Affected Software: 1

RedHat Linux
added 2017/08/07 4:11 p.m., 2 views

postgresql: Selectivity estimators bypass SELECT privilege checks

It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access...

CVSS 7.5, AI score 7.1, EPSS 0.01443
Exploits: 0, References: 5

RedHat Linux
added 2017/08/01 2:31 p.m., 2 views

postgresql: Selectivity estimators bypass SELECT privilege checks

It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access...

CVSS 7.5, AI score 7.1, EPSS 0.01443
Exploits: 0, References: 5

RedHat Linux
added 2017/07/31 3:52 p.m., 2 views

postgresql: Selectivity estimators bypass SELECT privilege checks

It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access...

CVSS 7.5, AI score 7.1, EPSS 0.01443
Exploits: 0, References: 5

Mageia
added 2017/07/30 3:58 p.m., 38 views

Updated postgresql9.4 packages fix security vulnerabilities

Robert Haas discovered that some selectivity estimators did not validate user privileges which could result in information disclosure CVE-2017-7484. Daniel Gustafsson discovered that the PGREQUIRESSL environment variable did no longer enforce a TLS connection CVE-2017-7485. Andrew Wheelwright...

CVSS 7.5, AI score 2.4, EPSS 0.04124
Exploits: 0, References: 4