Updated postgresql packages fix security vulnerabilities
Publication date: 22 Nov 2023Modification date: 22 Nov 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-5868 , CVE-2023-5869 , CVE-2023-5870
Description
The updated packages fix security vulnerabilities:
Memory disclosure in aggregate function calls. (CVE-2023-5868)
Buffer overrun from integer overflow in array modification.
(CVE-2023-5869)
Role pg_signal_backend can signal certain superuser processes.
(CVE-2023-5870)
References
- https://bugs.mageia.org/show_bug.cgi?id=32514
- https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5868
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5869
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5870
SRPMS
9/core
- postgresql15-15.5-1.mga9
- postgresql13-13.13-1.mga9
8/core
- postgresql13-13.13-1.mga8
- postgresql11-11.22-1.mga8