exploitDog

RLSA-2023:7785

Опубликовано: 09 янв. 2024

Источник: rocky

Оценка: Important

Описание

Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)
postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)
postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)
postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)
postgresql: MERGE fails to enforce UPDATE or SELECT row security policies (CVE-2023-39418)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 9

Связанные CVE

Ссылки на источники

Исправления

https://bugzilla.redhat.com/show_bug.cgi?id=2228111
Red Hat - 2228111
https://bugzilla.redhat.com/show_bug.cgi?id=2228112
Red Hat - 2228112
https://bugzilla.redhat.com/show_bug.cgi?id=2247168
Red Hat - 2247168
https://bugzilla.redhat.com/show_bug.cgi?id=2247169
Red Hat - 2247169
https://bugzilla.redhat.com/show_bug.cgi?id=2247170
Red Hat - 2247170

Связанные уязвимости

ELSA-2023-7884

oracle-oval

почти 2 года назад

ELSA-2023-7884: postgresql:15 security update (IMPORTANT)

ELSA-2023-7785

oracle-oval

около 2 лет назад

ELSA-2023-7785: postgresql:15 security update (IMPORTANT)

RLSA-2023:7714

rocky

почти 2 года назад

Important: postgresql:12 security update

RLSA-2023:7581

rocky

около 2 лет назад

Important: postgresql:13 security update

ELSA-2023-7784

oracle-oval

почти 2 года назад

ELSA-2023-7784: postgresql security update (IMPORTANT)