FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-09 08:42:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
bbb18fcb-7f0d-11ee-94b4-6cc21735f730postgresql-server -- Role pg_cancel_backend can signal certain superuser processes

PostgreSQL Project reports:

Documentation says the pg_cancel_backend role cannot signal "a backend owned by a superuser". On the contrary, it can signal background workers, including the logical replication launcher. It can signal autovacuum workers and the autovacuum launcher. Signaling autovacuum workers and those two launchers provides no meaningful exploit, so exploiting this vulnerability requires a non-core extension with a less-resilient background worker. For example, a non-core background worker that does not auto-restart would experience a denial of service with respect to that particular background worker.


Discovery 2023-11-09
Entry 2023-11-09
postgresql-server
< 16.1

< 15.5

< 14.10

< 13.13

< 12.17

< 11.22

CVE-2023-5870
https://www.postgresql.org/support/security/CVE-2023-5870/