First published: Tue Oct 31 2023 (Updated: )
A flaw was found in PostgreSQL involving the pg_cancel_backend role, which can signal background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote, highly privileged user to launch a denial of service (DoS) attack.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/postgresql-14 | <14.10-0ubuntu0.22.04.1 | 14.10-0ubuntu0.22.04.1 |
ubuntu/postgresql-14 | <14.10 | 14.10 |
ubuntu/postgresql-12 | <12.17-0ubuntu0.20.04.1 | 12.17-0ubuntu0.20.04.1 |
ubuntu/postgresql-12 | <12.17 | 12.17 |
ubuntu/postgresql-10 | <10.23-0ubuntu0.18.04.2+ | 10.23-0ubuntu0.18.04.2+ |
ubuntu/postgresql-9.5 | <9.5.25-0ubuntu0.16.04.1+ | 9.5.25-0ubuntu0.16.04.1+ |
ubuntu/postgresql-15 | <15.5 | 15.5 |
ubuntu/postgresql-15 | <15.5-0ubuntu0.23.04.1 | 15.5-0ubuntu0.23.04.1 |
ubuntu/postgresql-15 | <15.5-0ubuntu0.23.10.1 | 15.5-0ubuntu0.23.10.1 |
ubuntu/postgresql-16 | <16.1 | 16.1 |
redhat/PostgreSQL | <16.1 | 16.1 |
redhat/PostgreSQL | <15.5 | 15.5 |
redhat/PostgreSQL | <14.10 | 14.10 |
redhat/PostgreSQL | <13.13 | 13.13 |
redhat/PostgreSQL | <12.17 | 12.17 |
redhat/PostgreSQL | <11.22 | 11.22 |
Postgresql Postgresql | >=11.0<11.22 | |
Postgresql Postgresql | >=12.0<12.17 | |
Postgresql Postgresql | >=13.0<13.13 | |
Postgresql Postgresql | >=14.0<14.10 | |
Postgresql Postgresql | >=15.0<15.5 | |
Postgresql Postgresql | =16.0 | |
Redhat Codeready Linux Builder Eus | =9.2 | |
Redhat Codeready Linux Builder Eus For Power Little Endian Eus | =9.0_ppc64le | |
Redhat Codeready Linux Builder Eus For Power Little Endian Eus | =9.2_ppc64le | |
Redhat Codeready Linux Builder For Arm64 Eus | =8.6_aarch64 | |
Redhat Codeready Linux Builder For Arm64 Eus | =9.0_aarch64 | |
Redhat Codeready Linux Builder For Arm64 Eus | =9.2_aarch64 | |
Redhat Codeready Linux Builder For Ibm Z Systems Eus | =9.0_s390x | |
Redhat Codeready Linux Builder For Ibm Z Systems Eus | =9.2_s390x | |
Redhat Codeready Linux Builder For Power Little Endian Eus | =9.0_ppc64le | |
Redhat Codeready Linux Builder For Power Little Endian Eus | =9.2_ppc64le | |
Redhat Software Collections | =1.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
Redhat Enterprise Linux Eus | =8.6 | |
Redhat Enterprise Linux Eus | =8.8 | |
Redhat Enterprise Linux Eus | =9.0 | |
Redhat Enterprise Linux Eus | =9.2 | |
Redhat Enterprise Linux For Arm 64 | =8.0 | |
Redhat Enterprise Linux For Arm 64 | =8.8_aarch64 | |
Redhat Enterprise Linux For Ibm Z Systems | =8.0_s390x | |
Redhat Enterprise Linux For Ibm Z Systems Eus | =8.6_s390x | |
Redhat Enterprise Linux For Ibm Z Systems Eus | =8.8_s390x | |
Redhat Enterprise Linux For Ibm Z Systems Eus | =9.0_s390x | |
Redhat Enterprise Linux For Ibm Z Systems Eus | =9.2_s390x | |
Redhat Enterprise Linux For Power Little Endian | =8.0_ppc64le | |
Redhat Enterprise Linux For Power Little Endian Eus | =8.6_ppc64le | |
Redhat Enterprise Linux For Power Little Endian Eus | =8.8_ppc64le | |
Redhat Enterprise Linux For Power Little Endian Eus | =9.0_ppc64le | |
Redhat Enterprise Linux For Power Little Endian Eus | =9.2_ppc64le | |
Redhat Enterprise Linux Server Aus | =8.2 | |
Redhat Enterprise Linux Server Aus | =8.4 | |
Redhat Enterprise Linux Server Aus | =8.6 | |
Redhat Enterprise Linux Server Aus | =9.2 | |
Redhat Enterprise Linux Server Tus | =8.2 | |
Redhat Enterprise Linux Server Tus | =8.4 | |
Redhat Enterprise Linux Server Tus | =8.6 | |
debian/postgresql-11 | <=11.16-0+deb10u1 | 11.22-0+deb10u1 |
debian/postgresql-13 | <=13.11-0+deb11u1 | 13.13-0+deb11u1 |
debian/postgresql-15 | 15.5-0+deb12u1 | |
debian/postgresql-16 | 16.1-1 16.2-1 | |
The severity of CVE-2023-5870 is low.
You can update your PostgreSQL package to version 16.1 or apply the appropriate security updates for your specific version.
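As an added example (not SecAlerts' or the PostgreSQL project's code), the following Python classifies a server against the affected upstream ranges listed above and carries the catalog query a DBA would run to see which roles hold pg_cancel_backend; the version strings it processes are constructed samples, and the `FIXED_MINOR` table is taken from the fixed versions on this page.

```python
"""Check a PostgreSQL server version against the CVE-2023-5870 affected ranges
and produce the role-membership audit query. Added example, not SecAlerts code."""
import re

# First fixed minor release per major, taken from the advisory above:
# 11.22, 12.17, 13.13, 14.10, 15.5, 16.1. Earlier minors of those majors are affected.
FIXED_MINOR = {11: 22, 12: 17, 13: 13, 14: 10, 15: 5, 16: 1}


def parse_version_num(server_version_num: int) -> tuple[int, int]:
    """Split `SHOW server_version_num` (e.g. 140009) into (major, minor).
    From PostgreSQL 10 on the value is major * 10000 + minor."""
    if server_version_num < 100000:
        raise ValueError("pre-10 version numbering (x.y.z) is not handled here")
    return server_version_num // 10000, server_version_num % 10000


def parse_version_string(version_text: str) -> tuple[int, int]:
    """Extract (major, minor) from SELECT version(); distro packages such as
    Ubuntu's 14.10-0ubuntu0.22.04.1 still report the upstream minor here."""
    match = re.search(r"PostgreSQL (\d+)\.(\d+)", version_text)
    if match is None:
        raise ValueError(f"unrecognised version string: {version_text!r}")
    return int(match.group(1)), int(match.group(2))


def affected(major: int, minor: int) -> bool:
    """True when (major, minor) lies inside one of the page's affected ranges."""
    fixed = FIXED_MINOR.get(major)
    return fixed is not None and minor < fixed


# Roles that can reach pg_cancel_backend, directly or through nested membership.
# pg_has_role() also returns true for superusers, so they appear in the output.
AUDIT_SQL = (
    "SELECT rolname, rolsuper FROM pg_roles "
    "WHERE pg_has_role(oid, 'pg_cancel_backend', 'MEMBER') "
    "AND rolname <> 'pg_cancel_backend' ORDER BY rolname;"
)


if __name__ == "__main__":
    # Constructed sample outputs of SELECT version(), not captured from a real host.
    samples = [
        "PostgreSQL 14.9 (Ubuntu 14.9-0ubuntu0.22.04.1) on x86_64-pc-linux-gnu",
        "PostgreSQL 16.1 on x86_64-pc-linux-gnu, compiled by gcc",
    ]
    for text in samples:
        major, minor = parse_version_string(text)
        print(f"{major}.{minor}: {'AFFECTED' if affected(major, minor) else 'fixed'}")
    print(AUDIT_SQL)
```

Run `AUDIT_SQL` against each database as a superuser; any non-superuser role it returns is one whose members can signal background workers on an unpatched server.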
You can find more information about CVE-2023-5870 at the following references: [link1], [link2], [link3].