DLA-3651-1

Import Source
https://storage.googleapis.com/debian-osv/dla-osv/DLA-3651-1.json
Related
  • CVE-2023-5868
  • CVE-2023-5869
  • CVE-2023-5870
Published
2023-11-14T00:00:00Z
Modified
2023-11-14T09:15:33.011665Z
Details

Several vulnerabilities have been discovered in the PostgreSQL database system.

  • CVE-2023-5868 Jingzhou Fu discovered a memory disclosure flaw in aggregate function calls.
  • CVE-2023-5869 Pedro Gallegos reported integer overflow flaws resulting in buffer overflows in the array modification functions.
  • CVE-2023-5870 Hemanth Sandrana and Mahendrakar Srinivasarao reported that the pg_cancel_backend role can signal certain superuser processes, potentially resulting in denial of service.

For Debian 10 buster, these problems have been fixed in version 11.22-0+deb10u1.

We recommend that you upgrade your postgresql-11 packages.

For the detailed security status of postgresql-11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/postgresql-11

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

References

Affected packages

Debian:10 / postgresql-11

Package: postgresql-11

Affected ranges
  Type: ECOSYSTEM
  Events
    Introduced: 0 (the exact introduced commit is unknown)
    Fixed: 11.22-0+deb10u1

Affected versions

11.*

11.4-1
11.5-1
11.5-1+deb10u1
11.5-2
11.5-3sid1
11.5-3sid2
11.6-0+deb10u1
11.6-2~sid1
11.7-0+deb10u1
11.9-0+deb10u1
11.10-0+deb10u1
11.11-0+deb10u1
11.12-0+deb10u1
11.13-0+deb10u1
11.14-0+deb10u1
11.16-0+deb10u1
11.17-0+deb10u1
11.18-0+deb10u1
11.19-0+deb10u1
11.20-0+deb10u1
11.21-0+deb10u1
11.21-0+deb10u2