DLA-3651-1

Import Source

https://storage.googleapis.com/debian-osv/dla-osv/DLA-3651-1.json

Related

• CVE-2023-5868
• CVE-2023-5869
• CVE-2023-5870

Published

2023-11-14T00:00:00Z

Modified

2023-11-14T09:15:33.011665Z

Details

Several vulnerabilities have been discovered in the PostgreSQL database system.

• CVE-2023-5868 Jingzhou Fu discovered a memory disclosure flaw in aggregate function calls.
• CVE-2023-5869 Pedro Gallegos reported integer overflow flaws resulting in buffer overflows in the array modification functions.
• CVE-2023-5870 Hemanth Sandrana and Mahendrakar Srinivasarao reported that the pg_cancel_backend role can signal certain superuser processes, potentially resulting in denial of service.

For Debian 10 buster, these problems have been fixed in version 11.22-0+deb10u1.

We recommend that you upgrade your postgresql-11 packages.

For the detailed security status of postgresql-11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/postgresql-11

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

References

• https://www.debian.org/lts/security/2023/dla-3651