ELSA-2023-7783

Опубликовано: 13 дек. 2023

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2023-7783: postgresql security update (IMPORTANT)

[9.2.24-9]

Backport fix for CVE-2023-5869

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

postgresql

9.2.24-9.el7_9

postgresql-contrib

9.2.24-9.el7_9

postgresql-devel

9.2.24-9.el7_9

postgresql-docs

9.2.24-9.el7_9

postgresql-libs

9.2.24-9.el7_9

postgresql-plperl

9.2.24-9.el7_9

postgresql-plpython

9.2.24-9.el7_9

postgresql-pltcl

9.2.24-9.el7_9

postgresql-server

9.2.24-9.el7_9

postgresql-static

9.2.24-9.el7_9

postgresql-test

9.2.24-9.el7_9

postgresql-upgrade

9.2.24-9.el7_9

Oracle Linux x86_64

postgresql

9.2.24-9.el7_9

postgresql-contrib

9.2.24-9.el7_9

postgresql-devel

9.2.24-9.el7_9

postgresql-docs

9.2.24-9.el7_9

postgresql-libs

9.2.24-9.el7_9

postgresql-plperl

9.2.24-9.el7_9

postgresql-plpython

9.2.24-9.el7_9

postgresql-pltcl

9.2.24-9.el7_9

postgresql-server

9.2.24-9.el7_9

postgresql-static

9.2.24-9.el7_9

postgresql-test

9.2.24-9.el7_9

postgresql-upgrade

9.2.24-9.el7_9

Связанные CVE

CVE-2023-5869

Ссылки на источники

Связанные уязвимости

CVE-2023-5869

CVSS3: 8.8

ubuntu

больше 1 года назад

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.