Lucene search

K
redhatRedHatRHSA-2024:5929
HistoryAug 28, 2024 - 11:05 a.m.

(RHSA-2024:5929) Important: postgresql:16 security update

2024-08-2811:05:36
access.redhat.com
5
postgresql
security update
cve-2024-4317
cve-2024-7348
authorization checks
pg_dump
cvss score
references

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9

Confidence

High

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

  • postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks (CVE-2024-4317)

  • postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (CVE-2024-7348)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyx86_64postgresql-plperl-debuginfo< 16.4-1.module+el9.4.0+22207+8466e31fpostgresql-plperl-debuginfo-16.4-1.module+el9.4.0+22207+8466e31f.x86_64.rpm
RedHatanyppc64lepostgresql-debugsource< 16.4-1.module+el9.4.0+22207+8466e31fpostgresql-debugsource-16.4-1.module+el9.4.0+22207+8466e31f.ppc64le.rpm
RedHatanyppc64lepostgresql-private-devel< 16.4-1.module+el9.4.0+22207+8466e31fpostgresql-private-devel-16.4-1.module+el9.4.0+22207+8466e31f.ppc64le.rpm
RedHatanyppc64lepg_repack-debugsource< 1.4.8-1.module+el9.4.0+20427+07482b8cpg_repack-debugsource-1.4.8-1.module+el9.4.0+20427+07482b8c.ppc64le.rpm
RedHatanys390xpostgresql-docs-debuginfo< 16.4-1.module+el9.4.0+22207+8466e31fpostgresql-docs-debuginfo-16.4-1.module+el9.4.0+22207+8466e31f.s390x.rpm
RedHatanyx86_64postgresql-static< 16.4-1.module+el9.4.0+22207+8466e31fpostgresql-static-16.4-1.module+el9.4.0+22207+8466e31f.x86_64.rpm
RedHatanyppc64lepg_repack< 1.4.8-1.module+el9.4.0+20427+07482b8cpg_repack-1.4.8-1.module+el9.4.0+20427+07482b8c.ppc64le.rpm
RedHatanys390xpostgresql-server-devel< 16.4-1.module+el9.4.0+22207+8466e31fpostgresql-server-devel-16.4-1.module+el9.4.0+22207+8466e31f.s390x.rpm
RedHatanyaarch64postgresql-debuginfo< 16.4-1.module+el9.4.0+22207+8466e31fpostgresql-debuginfo-16.4-1.module+el9.4.0+22207+8466e31f.aarch64.rpm
RedHatanyppc64lepostgresql-server-devel-debuginfo< 16.4-1.module+el9.4.0+22207+8466e31fpostgresql-server-devel-debuginfo-16.4-1.module+el9.4.0+22207+8466e31f.ppc64le.rpm
Rows per page:
1-10 of 1451

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9

Confidence

High