[CVE] Postgresql


Nov 22, 2021
Hello :)

Our security tool reports that there is a CVE on PostgreSQL, although there is no update available on the Proxmox Mail Gateway:
proxmox-mailgateway: 8.0.1
pmg-api: 8.0.7
pmg-gui: 4.0.2
pve-kernel-6.2: 8.0.5
proxmox-kernel-helper: 8.0.3
proxmox-kernel-6.2.16-19-pve: 6.2.16-19
proxmox-kernel-6.2: 6.2.16-19
proxmox-kernel-6.2.16-18-pve: 6.2.16-18
proxmox-kernel-6.2.16-12-pve: 6.2.16-12
pve-kernel-6.2.16-3-pve: 6.2.16-3
clamav-daemon: 1.0.3+dfsg-1~deb12u1
ifupdown2: 3.2.0-1+pmx5
libarchive-perl: 3.6.2
libjs-extjs: 7.0.0-4
libjs-framework7: 4.4.7-2
libproxmox-acme-perl: 1.4.6
libproxmox-acme-plugins: 1.4.6
libpve-apiclient-perl: 3.3.0
libpve-common-perl: 8.0.9
libpve-http-server-perl: 5.0.4
libxdgmime-perl: 1.1.0
lvm2: 2.03.16-2
pmg-docs: 8.0.1
pmg-i18n: 3.0.7
pmg-log-tracker: 2.4.1
proxmox-mini-journalreader: 1.4.0
proxmox-offline-mirror-helper: 0.6.2
proxmox-spamassassin: 4.0.0-4
proxmox-widget-toolkit: 4.0.9
pve-firmware: 3.8-3
pve-xtermjs: 4.16.0-3
zfsutils-linux: 2.1.13-pve1
Seems Debian Bookworm has not provided an update for both yet:

However, from a quick glance - PMG neither uses the MERGE command (CVE-2023-39418), nor does it install any extensions - and the only user it creates with CREATE database permissions is root (and if root is compromised ... the whole system is compromised).

So for the time being I think that there is no urgent need for an update on a regular PMG system.

I hope this helps!
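
The conditions the reply above relies on (no extensions, no MERGE use, only root with CREATE database permissions) can be checked on a given instance with catalog queries. This is an added example, not part of the original thread and not Proxmox tooling; it assumes a psql session as a PostgreSQL superuser, and it reads "CREATE database permissions" as either the CREATEDB role attribute or the CREATE privilege on a database.

```sql
-- Added example: run in each database of the instance (pg_extension and
-- pg_proc are per-database catalogs; pg_roles and pg_database are global).

-- 1. Extensions installed in the current database.
--    plpgsql is installed by default and is filtered out.
SELECT extname, extversion
FROM pg_extension
WHERE extname <> 'plpgsql'
ORDER BY extname;

-- 2. Roles that are superuser or carry the CREATEDB attribute.
--    Built-in pg_* roles are skipped.
SELECT rolname, rolsuper, rolcreatedb, rolcanlogin
FROM pg_roles
WHERE (rolsuper OR rolcreatedb)
  AND rolname !~ '^pg_'
ORDER BY rolname;

-- 3. Roles holding the CREATE privilege on each connectable database
--    (the privilege that allows creating schemas in it).
SELECT d.datname, r.rolname
FROM pg_database AS d
CROSS JOIN pg_roles AS r
WHERE d.datallowconn
  AND r.rolname !~ '^pg_'
  AND has_database_privilege(r.oid, d.oid, 'CREATE')
ORDER BY d.datname, r.rolname;

-- 4. User-defined functions and procedures whose body mentions MERGE.
--    This only covers SQL stored in the database; statements issued by
--    application code are not visible here.
SELECT n.nspname, p.proname
FROM pg_proc AS p
JOIN pg_namespace AS n ON n.oid = p.pronamespace
WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND p.prosrc ~* '\mmerge\M'
ORDER BY n.nspname, p.proname;
```

Empty results for queries 1 and 4, and only the expected administrative roles in queries 2 and 3, match the situation the reply describes.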