RLSA-2023:1576

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2023:1576.json

Related

Published

2023-04-06T15:52:43.180890Z

Modified

2023-04-06T15:54:34.319228Z

Details

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

postgresql: Extension scripts replace objects not belonging to the extension. (CVE-2022-2625)
postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

Rocky Linux:8 / pgaudit

Package

Name: pgaudit

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.5.0-1.module+el8.5.0+684+c3892ef9

Rocky Linux:8 / pg_repack

Package

Name: pg_repack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.4.6-3.module+el8.5.0+684+c3892ef9

Rocky Linux:8 / postgres-decoderbufs

Package

Name: postgres-decoderbufs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.10.0-2.module+el8.5.0+684+c3892ef9

Rocky Linux:8 / postgresql

Package

Name: postgresql

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:13.10-1.module+el8.7.0+1175+026203e7