CentOS 8 : postgresql:12 (CESA-2023:4535)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:4535 advisory. - In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certa...
ALSA-2023:4539 Moderate: postgresql:10 security update
PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: schema_element defeats protective search_path changes (CVE-2023-2454); postgresql: row security policies disregard user ID changes after inlining (CVE-2023-2455). For more details about the security...
Moderate: postgresql:15 security update
PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: schema_element defeats protective search_path changes (CVE-2023-2454); postgresql: row security policies disregard user ID changes after inlining (CVE-2023-2455). For more details about the security...
Oracle Linux 9 : postgresql (ELSA-2023-3714)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3714 advisory. 13.11-1.0.1 - Fixed postgresql port binding issue during bootup Orabug: 35420628 13.11-1 - Update to 13.11 - Resolves: 2207935 Tenable has extracted th...
RHEL 9 : postgresql (RHSA-2023:3714)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3714 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: schema_element defeats protective...
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...
ALPINE-CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...
Updated postgresql packages fix security vulnerability
CREATE SCHEMA ... schema_element defeats protective search_path changes (CVE-2023-2454). Row security policies disregard user ID changes after inlining (CVE-2023-2455)...
FreeBSD : postgresql-server -- Row security policies disregard user ID changes after inlining (4b636f50-f011-11ed-bbae-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4b636f50-f011-11ed-bbae-6cc21735f730 advisory. - Row security policies disregard user ID changes after inlining (CVE-2023-2455) Note that...
PostgreSQL 11.x < 11.20 / 12.x < 12.15 / 13.x < 13.11 / 14.x < 14.8 / 15.x < 15.3 Multiple Vulnerabilities
The version of PostgreSQL installed on the remote host is 11 prior to 11.20, 12 prior to 12.15, 13 prior to 13.11, 14 prior to 14.8, or 15 prior to 15.3. As such, it is potentially affected by multiple vulnerabilities: - CREATE SCHEMA ... schema_element defeats protective search_path changes...
Vulnerability in core server (CVE-2023-2455)
Row security policies disregard user ID changes after inlining. While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario involving function inlining. This leads to potentially incorrect policies being applied in cases where role-specific policies ar...
postgresql-server -- Row security policies disregard user ID changes after inlining
PostgreSQL Project reports: While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario involving function inlining. This leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned...