First published: Tue Oct 31 2023
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PostgreSQL PostgreSQL | >=11.0<11.22 | |
| PostgreSQL PostgreSQL | >=12.0<12.17 | |
| PostgreSQL PostgreSQL | >=13.0<13.13 | |
| PostgreSQL PostgreSQL | >=14.0<14.10 | |
| PostgreSQL PostgreSQL | >=15.0<15.5 | |
| PostgreSQL PostgreSQL | =16.0 | |
| Redhat Codeready Linux Builder Eus | =9.2 | |
| Redhat Codeready Linux Builder Eus For Power Little Endian Eus | =9.0_ppc64le | |
| Redhat Codeready Linux Builder Eus For Power Little Endian Eus | =9.2_ppc64le | |
| Redhat Codeready Linux Builder For Arm64 Eus | =8.6_aarch64 | |
| Redhat Codeready Linux Builder For Arm64 Eus | =9.0_aarch64 | |
| Redhat Codeready Linux Builder For Arm64 Eus | =9.2_aarch64 | |
| Redhat Codeready Linux Builder For Ibm Z Systems Eus | =9.0_s390x | |
| Redhat Codeready Linux Builder For Ibm Z Systems Eus | =9.2_s390x | |
| Redhat Codeready Linux Builder For Power Little Endian Eus | =9.0_ppc64le | |
| Redhat Codeready Linux Builder For Power Little Endian Eus | =9.2_ppc64le | |
| Redhat Software Collections | =1.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 | |
| Redhat Enterprise Linux Eus | =8.6 | |
| Redhat Enterprise Linux Eus | =8.8 | |
| Redhat Enterprise Linux Eus | =9.0 | |
| Redhat Enterprise Linux Eus | =9.2 | |
| Redhat Enterprise Linux For Arm 64 | =8.0 | |
| Redhat Enterprise Linux For Arm 64 | =8.8_aarch64 | |
| Redhat Enterprise Linux For Ibm Z Systems | =8.0_s390x | |
| Redhat Enterprise Linux For Ibm Z Systems Eus | =8.6_s390x | |
| Redhat Enterprise Linux For Ibm Z Systems Eus | =8.8_s390x | |
| Redhat Enterprise Linux For Ibm Z Systems Eus | =9.0_s390x | |
| Redhat Enterprise Linux For Ibm Z Systems Eus | =9.2_s390x | |
| Redhat Enterprise Linux For Power Little Endian | =8.0_ppc64le | |
| Redhat Enterprise Linux For Power Little Endian Eus | =8.6_ppc64le | |
| Redhat Enterprise Linux For Power Little Endian Eus | =8.8_ppc64le | |
| Redhat Enterprise Linux For Power Little Endian Eus | =9.0_ppc64le | |
| Redhat Enterprise Linux For Power Little Endian Eus | =9.2_ppc64le | |
| Redhat Enterprise Linux Server Aus | =8.2 | |
| Redhat Enterprise Linux Server Aus | =8.4 | |
| Redhat Enterprise Linux Server Aus | =8.6 | |
| Redhat Enterprise Linux Server Aus | =9.2 | |
| Redhat Enterprise Linux Server Tus | =8.2 | |
| Redhat Enterprise Linux Server Tus | =8.4 | |
| Redhat Enterprise Linux Server Tus | =8.6 | |
| redhat/PostgreSQL | <16.1 | 16.1 |
| redhat/PostgreSQL | <15.5 | 15.5 |
| redhat/PostgreSQL | <14.10 | 14.10 |
| redhat/PostgreSQL | <13.13 | 13.13 |
| redhat/PostgreSQL | <12.17 | 12.17 |
| redhat/PostgreSQL | <11.22 | 11.22 |
| IBM Security Guardium | <=11.3 | |
| IBM Security Guardium | <=11.4 | |
| IBM Security Guardium | <=11.5 | |
| IBM Security Guardium | <=12.0 | |
| debian/postgresql-13 | 13.16-0+deb11u1 | |
| debian/postgresql-15 | 15.8-0+deb12u1 | |
| debian/postgresql-16 | 16.4-1 | |
The severity of CVE-2023-5870 is low.
Update PostgreSQL to 16.1, or to the fixed minor release for your major version (15.5, 14.10, 13.13, 12.17 or 11.22), or apply the corresponding security update from your distribution.
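The two things a DBA will want to check against this advisory are who holds the role that can signal other backends, and whether the running server is below the fixed release listed above. The following queries are an added example, not part of the advisory or of PostgreSQL itself. The advisory names the role as pg_cancel_backend; the predefined role in PostgreSQL's catalog that grants signalling is pg_signal_backend (pg_cancel_backend is the SQL function it gates), so the membership lookup uses that catalog name. The fixed version numbers are the ones in the table; `some_role` in the commented REVOKE is a placeholder.

```sql
-- Added audit queries for CVE-2023-5870 (example code, not from the advisory).
-- Assumption: the catalog role carrying the signalling capability is pg_signal_backend.

-- 1. Which roles are members of pg_signal_backend? Each member is a principal that,
--    on an unpatched server, could reach the background workers the advisory describes.
SELECT member_role.rolname     AS member,
       member_role.rolcanlogin AS can_login,
       am.admin_option         AS can_grant_further
FROM   pg_auth_members am
JOIN   pg_roles granted_role ON granted_role.oid = am.roleid
JOIN   pg_roles member_role  ON member_role.oid  = am.member
WHERE  granted_role.rolname = 'pg_signal_backend'
ORDER  BY member_role.rolname;

-- 2. Is this server below the first fixed minor release for its major version?
--    server_version_num encodes major*10000 + minor, so 16.1 is 160001 and 11.22 is 110022.
--    The fixed releases below are the ones the advisory table lists.
WITH running AS (
    SELECT current_setting('server_version_num')::int AS num
),
fixed AS (
    SELECT * FROM (VALUES (11, 110022), (12, 120017), (13, 130013),
                          (14, 140010), (15, 150005), (16, 160001))
           AS f(major, fixed_num)
)
SELECT version()            AS running_version,
       f.fixed_num          AS first_fixed_version_num,
       r.num < f.fixed_num  AS vulnerable
FROM   running r
LEFT   JOIN fixed f ON f.major = r.num / 10000;   -- integer division yields the major

-- 3. Interim mitigation while the upgrade is scheduled (an assumption on my part, not
--    a step the advisory gives): withdraw the membership from roles that do not need it.
-- REVOKE pg_signal_backend FROM some_role;
```

For a major version outside 11 to 16 the second query returns NULL in `vulnerable`, which is the correct answer for releases the advisory does not cover rather than a false "patched".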