DSA-5553-1 postgresql-15 -- postgresql-15ID: oval:org.secpod.oval:def:612798 | Date: (C)2023-11-24 (M)2024-06-24 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in the PostgreSQL database system. CVE-2023-5868 Jingzhou Fu discovered a memory disclosure flaw in aggregate function calls. CVE-2023-5869 Pedro Gallegos reported integer overflow flaws resulting in buffer overflows in the array modification functions. CVE-2023-5870 Hemanth Sandrana and Mahendrakar Srinivasarao reported that the pg_cancel_backend role can signal certain superuser processes, potentially resulting in denial of service. CVE-2023-39417 Micah Gate, Valerie Woolard, Tim Carey-Smith, and Christoph Berg reported that an extension script using @substitutions@ within quoting may allow to perform an SQL injection for an attacker having database-level CREATE privileges. CVE-2023-39418 Dean Rasheed reported that the MERGE command to enforce UPDATE or SELECT row security policies.
Product: |
postgresql-server-dev-15 |
libpq-dev |
libecpg6 |
libpq5 |
libpgtypes3 |
postgresql-plpython3-15 |
libecpg-dev |
postgresql-15 |
postgresql-plperl-15 |
postgresql-pltcl-15 |
postgresql-client-15 |
libecpg-compat3 |
postgresql-doc-15 |