(RHSA-2024:6141) Important: postgresql:13 security update

2024-09-0301:09:00

access.redhat.com

postgresql

security update

relation replacement vulnerability

cve-2024-7348

cvss score

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

JSON

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (CVE-2024-7348)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyx86_64postgresql-docs-debuginfo< 13.16-1.module+el8.8.0+22253+503e51b2.2postgresql-docs-debuginfo-13.16-1.module+el8.8.0+22253+503e51b2.2.x86_64.rpm
RedHatanyx86_64postgresql-upgrade< 13.16-1.module+el8.8.0+22253+503e51b2.2postgresql-upgrade-13.16-1.module+el8.8.0+22253+503e51b2.2.x86_64.rpm
RedHatanyx86_64pgaudit-debuginfo< 1.5.0-1.module+el8.4.0+8873+b821c30apgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm
RedHatanyppc64lepostgresql-plpython3< 13.16-1.module+el8.8.0+22253+503e51b2.2postgresql-plpython3-13.16-1.module+el8.8.0+22253+503e51b2.2.ppc64le.rpm
RedHatanys390xpostgresql-static< 13.16-1.module+el8.8.0+22253+503e51b2.2postgresql-static-13.16-1.module+el8.8.0+22253+503e51b2.2.s390x.rpm
RedHatanyaarch64postgresql-contrib< 13.16-1.module+el8.8.0+22253+503e51b2.2postgresql-contrib-13.16-1.module+el8.8.0+22253+503e51b2.2.aarch64.rpm
RedHatanyaarch64postgresql-server-debuginfo< 13.16-1.module+el8.8.0+22253+503e51b2.2postgresql-server-debuginfo-13.16-1.module+el8.8.0+22253+503e51b2.2.aarch64.rpm
RedHatanyx86_64postgresql-upgrade-devel-debuginfo< 13.16-1.module+el8.8.0+22253+503e51b2.2postgresql-upgrade-devel-debuginfo-13.16-1.module+el8.8.0+22253+503e51b2.2.x86_64.rpm
RedHatanyppc64lepostgresql-contrib< 13.16-1.module+el8.8.0+22253+503e51b2.2postgresql-contrib-13.16-1.module+el8.8.0+22253+503e51b2.2.ppc64le.rpm
RedHatanyaarch64postgresql-server< 13.16-1.module+el8.8.0+22253+503e51b2.2postgresql-server-13.16-1.module+el8.8.0+22253+503e51b2.2.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	x86_64	postgresql-docs-debuginfo	< 13.16-1.module+el8.8.0+22253+503e51b2.2	postgresql-docs-debuginfo-13.16-1.module+el8.8.0+22253+503e51b2.2.x86_64.rpm
RedHat	any	x86_64	postgresql-upgrade	< 13.16-1.module+el8.8.0+22253+503e51b2.2	postgresql-upgrade-13.16-1.module+el8.8.0+22253+503e51b2.2.x86_64.rpm
RedHat	any	x86_64	pgaudit-debuginfo	< 1.5.0-1.module+el8.4.0+8873+b821c30a	pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm
RedHat	any	ppc64le	postgresql-plpython3	< 13.16-1.module+el8.8.0+22253+503e51b2.2	postgresql-plpython3-13.16-1.module+el8.8.0+22253+503e51b2.2.ppc64le.rpm
RedHat	any	s390x	postgresql-static	< 13.16-1.module+el8.8.0+22253+503e51b2.2	postgresql-static-13.16-1.module+el8.8.0+22253+503e51b2.2.s390x.rpm
RedHat	any	aarch64	postgresql-contrib	< 13.16-1.module+el8.8.0+22253+503e51b2.2	postgresql-contrib-13.16-1.module+el8.8.0+22253+503e51b2.2.aarch64.rpm
RedHat	any	aarch64	postgresql-server-debuginfo	< 13.16-1.module+el8.8.0+22253+503e51b2.2	postgresql-server-debuginfo-13.16-1.module+el8.8.0+22253+503e51b2.2.aarch64.rpm
RedHat	any	x86_64	postgresql-upgrade-devel-debuginfo	< 13.16-1.module+el8.8.0+22253+503e51b2.2	postgresql-upgrade-devel-debuginfo-13.16-1.module+el8.8.0+22253+503e51b2.2.x86_64.rpm
RedHat	any	ppc64le	postgresql-contrib	< 13.16-1.module+el8.8.0+22253+503e51b2.2	postgresql-contrib-13.16-1.module+el8.8.0+22253+503e51b2.2.ppc64le.rpm
RedHat	any	aarch64	postgresql-server	< 13.16-1.module+el8.8.0+22253+503e51b2.2	postgresql-server-13.16-1.module+el8.8.0+22253+503e51b2.2.aarch64.rpm