Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. (CVE-2023-5869) Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL allowed the pg_signal_backend role to signal certain superuser processes, contrary to expectations. (CVE-2023-5870)
Continue reading...
Continue reading...