RLSA-2023:7884

postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)
postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)
postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)
postgresql: Role pgsignalbackend can signal certain superuser processes. (CVE-2023-5870)
postgresql: MERGE fails to enforce UPDATE or SELECT row security policies (CVE-2023-39418)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Credits

- Rocky Enterprise Software Foundation
- Red Hat

Affected packages

Rocky Linux:8

pgaudit

Package

Name: pgaudit
Purl: pkg:rpm/rocky-linux/pgaudit?distro=rocky-linux-8&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:1.7.0-1.module+el8.10.0+40056+df351139

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2023:7884.json"

pgaudit

Package

Name: pgaudit
Purl: pkg:rpm/rocky-linux/pgaudit?distro=rocky-linux-8&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:1.7.0-1.module+el8.9.0+1525+fc91df60

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2023:7884.json"

pg_repack

Package

Name: pg_repack
Purl: pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-8&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:1.4.8-1.module+el8.9.0+1525+fc91df60

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2023:7884.json"

pg_repack

Package

Name: pg_repack
Purl: pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-8&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:1.4.8-1.module+el8.10.0+40056+df351139

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2023:7884.json"

pg_repack

Package

Name: pg_repack
Purl: pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-8&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:1.4.8-1.module+el8.10.0+1858+fcc46a79

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2023:7884.json"

pg_repack

Package

Name: pg_repack
Purl: pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-8&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:1.4.8-1.module+el8.10.0+1622+bd25b19c

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2023:7884.json"

postgres-decoderbufs

Package

Name: postgres-decoderbufs
Purl: pkg:rpm/rocky-linux/postgres-decoderbufs?distro=rocky-linux-8&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:1.9.7-1.Final.module+el8.10.0+40056+df351139

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2023:7884.json"

postgres-decoderbufs

Package

Name: postgres-decoderbufs
Purl: pkg:rpm/rocky-linux/postgres-decoderbufs?distro=rocky-linux-8&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:1.9.7-1.Final.module+el8.9.0+1525+fc91df60

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2023:7884.json"