12 matches found
Postgresql: role pg_signal_backend can signal certain superuser processes.
...
CLSA-2024-1707822783 Fix CVE(s): CVE-2023-5868, CVE-2023-5870
SECURITY UPDATE: Memory disclosure in aggregate function calls - debian/patches/CVE-2023-5868.patch: Compute aggregate argument types correctly in transformAggregateCall. - CVE-2023-5868 SECURITY UPDATE: Role "pg_signal_backend" can signal certain superuser processes -...
USN-6570-1 postgresql-9.5 vulnerabilities
Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. CVE-2023-5869 Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL...
USN-6570-1: PostgreSQL vulnerabilities
Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. CVE-2023-5869 Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL...
postgresql: Role pg_signal_backend can signal certain superuser processes.
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...
postgresql: Role pg_signal_backend can signal certain superuser processes.
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...
postgresql: Role pg_signal_backend can signal certain superuser processes.
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...
postgresql: Role pg_signal_backend can signal certain superuser processes.
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...
MGASA-2023-0324 Updated postgresql packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Memory disclosure in aggregate function calls. CVE-2023-5868 Buffer overrun from integer overflow in array modification. CVE-2023-5869 Role pg_signal_backend can signal certain superuser processes. CVE-2023-5870...
FreeBSD : postgresql-server -- Role pg_cancel_backend can signal certain superuser processes (bbb18fcb-7f0d-11ee-94b4-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bbb18fcb-7f0d-11ee-94b4-6cc21735f730 advisory. - Role pg_cancel_backend can signal certain superuser processes. CVE-2023-5870 Note that Nessu...
Vulnerability in core server (CVE-2023-5870)
Role "pg_signal_backend" can signal certain superuser processes. Documentation says the pg_signal_backend role cannot signal "a backend owned by a superuser". On the contrary, it can signal background workers, including the logical replication launcher. It can signal autovacuum workers and the...
PT-2023-6889 · Unknown +11 · Postgresql +10
Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified Description: The issue is related to the pg_signal_backend role in PostgreSQL, which allows signaling certain superuser processes. This can be exploited by a remote high-privileged user to launch a...