DSA-5554-1 postgresql-13 -- postgresql-13ID: oval:org.secpod.oval:def:612797 | Date: (C)2023-11-24 (M)2024-06-24 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in the PostgreSQL database system. CVE-2023-5868 Jingzhou Fu discovered a memory disclosure flaw in aggregate function calls. CVE-2023-5869 Pedro Gallegos reported integer overflow flaws resulting in buffer overflows in the array modification functions. CVE-2023-5870 Hemanth Sandrana and Mahendrakar Srinivasarao reported that the pg_cancel_backend role can signal certain superuser processes, potentially resulting in denial of service. CVE-2023-39417 Micah Gate, Valerie Woolard, Tim Carey-Smith, and Christoph Berg reported that an extension script using @substitutions@ within quoting may allow to perform an SQL injection for an attacker having database-level CREATE privileges.
Product: |
postgresql-server-dev-13 |
libecpg6 |
libpq-dev |
postgresql-pltcl-13 |
libpgtypes3 |
postgresql-plperl-13 |
postgresql-13 |
libecpg-dev |
postgresql-plpython3-13 |
libpq5 |
postgresql-doc-13 |
postgresql-client-13 |
libecpg-compat3 |