Third-Party Package Updates in PostgreSQL App - April 2025
Advisory ID: SVD-2025-0406
CVE ID: Multiple
Published: 2025-04-09
Last Update: 2025-04-09
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in third-party packages in PostgreSQL App version 2.0.19 and higher, including the following:
Package | Remediation | CVE | Severity |
---|---|---|---|
certifi [1] | Package Removed | CVE-2022-23491 | High |
urllib3 [2] | Package Removed | CVE-2023-43804 | High |
cyrus-sasl [3] | Package Removed | Multiple | High |
kerberos [4] | Package Removed | CVE-2020-28196 | High |
openldap [5] | Package Removed | Multiple | High |
openssl [6] | Package Removed | Multiple | High |
pcre [7] | Package Removed | Multiple | High |

[1] PostgreSQL removed the wheels folder, which contained the certifi package, to remedy CVE-2022-23491.
[2] PostgreSQL removed the wheels folder, which contained the urllib3 package, to remedy CVE-2023-43804.
[3] PostgreSQL removed the wheels folder, which contained the cyrus-sasl package, to remedy multiple CVEs.
[4] PostgreSQL removed the wheels folder, which contained the kerberos package, to remedy CVE-2020-28196.
[5] PostgreSQL removed the wheels folder, which contained the openldap package, to remedy multiple CVEs.
[6] PostgreSQL removed the wheels folder, which contained the openssl package, to remedy multiple CVEs.
[7] PostgreSQL removed the wheels folder, which contained the pcre package, to remedy multiple CVEs.
Solution
Upgrade PostgreSQL App to version 2.0.19 or higher.
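One way to confirm the remediation on a host, as an added example that is not Splunk's own tooling: it checks that an installed app reports version 2.0.19 or higher and that no `wheels` folder remains. The app directory path, the use of `default/app.conf` for the version, and the `bin/wheels` location in the constructed sample are assumptions.

```python
import configparser
import os
import re
import tempfile

FIXED = (2, 0, 19)  # fix version stated in the advisory

def parse_version(text):
    """'2.0.19' -> (2, 0, 19), so 2.0.9 compares lower than 2.0.19."""
    return tuple(int(n) for n in re.findall(r"\d+", text)[:3])

def read_app_version(app_dir):
    # Assumption: the version is in default/app.conf, [launcher] or [id] stanza.
    conf = configparser.ConfigParser(strict=False, interpolation=None)
    conf.read(os.path.join(app_dir, "default", "app.conf"))
    for stanza in ("launcher", "id"):
        if conf.has_option(stanza, "version"):
            return conf.get(stanza, "version")
    return None

def find_wheels(app_dir):
    # Assumption: the bundled folder is named "wheels" somewhere under the app.
    hits = []
    for root, _dirs, files in os.walk(app_dir):
        if os.path.basename(root) == "wheels":
            hits.append((os.path.relpath(root, app_dir),
                         sorted(f for f in files if f.endswith(".whl"))))
    return hits

def audit(app_dir):
    version = read_app_version(app_dir)
    wheels = find_wheels(app_dir)
    patched = version is not None and parse_version(version) >= FIXED
    return {"version": version, "patched": patched, "wheels": wheels,
            "ok": patched and not wheels}

def make_sample(version, with_wheels):
    """Constructed app directory for the demo, not a real install."""
    app = tempfile.mkdtemp()
    os.makedirs(os.path.join(app, "default"))
    with open(os.path.join(app, "default", "app.conf"), "w") as fh:
        fh.write("[launcher]\nversion = %s\n" % version)
    if with_wheels:
        os.makedirs(os.path.join(app, "bin", "wheels"))
        open(os.path.join(app, "bin", "wheels", "certifi-0.0.0-py3-none-any.whl"), "w").close()
    return app

if __name__ == "__main__":
    print(audit(make_sample("2.0.9", True)))
```

A result with `patched` true but a non-empty `wheels` list points to leftover files from an earlier version, which can happen when an upgrade is unpacked over an existing app directory.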
Product Status
Product | Version | Component | Affected Version | Fix Version |
---|---|---|---|---|
PostgreSQL | 2.0.19 | | Below 2.0.19 | 2.0.19 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.