Download
| Alert*
|
oval:org.secpod.oval:def:89045778
This update for postgresql, postgresql13 and postgresql14 fixes the following issues: Security issues fixed: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake . - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshak ... oval:org.secpod.oval:def:89002817 postgresql13 is installed oval:org.secpod.oval:def:605555 postgresql-13 is installed oval:org.secpod.oval:def:89047180 This update for postgresql13 fixes the following issues: - CVE-2021-3677: Fixed memory disclosure in certain queries . - Fixed build with llvm12 on s390x . - Re-enabled icu for PostgreSQL 10 . - Made the dependency of postgresqlXX-server-devel on llvm and clang optional . - llvm12 breaks PostgreSQL ... oval:org.secpod.oval:def:3300790 SUSE Security Update: Security update for postgresql13 oval:org.secpod.oval:def:88352 Alexander Lakhin discovered that the autovacuum feature and multiple commands could escape the security-restricted operation sandbox. For additional information please refer to the upstream announcement at https://www.postgresql.org/support/security/CVE-2022-1552/ oval:org.secpod.oval:def:89047535 This update for postgresql13 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes . oval:org.secpod.oval:def:88321 Jacob Champion discovered two vulnerabilities in the PostgreSQL database system, which could result in man-in-the-middle attacks. oval:org.secpod.oval:def:605681 Jacob Champion discovered two vulnerabilities in the PostgreSQL database system, which could result in man-in-the-middle attacks. oval:org.secpod.oval:def:89047284 This update for postgresql13 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake . - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake . oval:org.secpod.oval:def:89047176 This update for postgresql13 fixes the following issues: - Upgrade to version 13.3: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations . - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists . - CVE-2021-32029: Fixed possibly- ... oval:org.secpod.oval:def:89047581 This update for postgresql13 fixes the following issues: - Update to 13.8: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension . oval:org.secpod.oval:def:3300519 SUSE Security Update: Security update for postgresql13 oval:org.secpod.oval:def:89048525 This update for postgresql13 fixes the following issues: Update to 13.10: * CVE-2022-41862: Fixed memory leak in libpq . oval:org.secpod.oval:def:93336 Two security issues were found in PostgreSQL, which may result in privilege escalation or incorrect policy enforcement. oval:org.secpod.oval:def:3301860 Security update for postgresql15 oval:org.secpod.oval:def:89048852 This update for postgresql13 fixes the following issues: Updated to version 13.11: \- CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script . \- CVE-2023-2455: Fixed an issue that could allow a u ... oval:org.secpod.oval:def:89051116 This update for postgresql13 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value at runtime. This could result in disclosure o ... oval:org.secpod.oval:def:3302076 Security update for postgresql13 oval:org.secpod.oval:def:89048842 This update for postgresql13 fixes the following issues: Updated to version 13.11: \- CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script . \- CVE-2023-2455: Fixed an issue that could allow a u ... oval:org.secpod.oval:def:89051105 This update for postgresql13 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value at runtime. This could result in disclosure o ... oval:org.secpod.oval:def:89049275 This update for postgresql15 fixes the following issues: * Update to 13.12 * CVE-2023-39417: Fixed potential SQL injection for trusted extensions oval:org.secpod.oval:def:3302373 Security update for postgresql13 oval:org.secpod.oval:def:89051476 This update for postgresql13 fixes the following issues: Upgrade to 13.14: * CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY . oval:org.secpod.oval:def:89051498 This update for postgresql13 fixes the following issues: Upgrade to 13.14: * CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY . oval:org.secpod.oval:def:98520 It was discovered that a late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY command could allow an attacker to trick a user with higher privileges to run SQL commands with these permissions. oval:org.secpod.oval:def:706101 postgresql-13: Object-relational SQL database - postgresql-12: Object-relational SQL database - postgresql-10: Object-relational SQL database Several security issues were fixed in PostgreSQL. |
