RHSA-2023:0160: Red Hat Security Advisory: rh-postgresql10-postgresql security and bug fix update
An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-2625: postgresql: Extension scripts replace objects not belonging to the extension.
Issued: 2023-01-12
Updated: 2023-01-12
RHSA-2023:0160 - Security Advisory
Synopsis
Moderate: rh-postgresql10-postgresql security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
PostgreSQL is an advanced object-relational database management system (DBMS).
The following packages have been upgraded to a later upstream version:
rh-postgresql10-postgresql (10.23).
Security Fix(es):
- postgresql: Extension scripts replace objects not belonging to the extension. (CVE-2022-2625)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- rh-postgresql10-postgresql: Update to the latest PostgreSQL version 10.23 (BZ#2157611)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
If the postgresql service is running, it will be automatically restarted after installing this update.
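The script below is an added example; it is not part of the advisory and not Red Hat tooling. It covers the two checks a practitioner wants around this update in one place: on the packaging side, whether the installed rh-postgresql10-postgresql-server predates the fixed build 10.23-1.el7 listed in this advisory and whether a downloaded RPM matches a SHA-256 from the package tables; on the database side, which schemas hold an installed extension while also letting a role that is neither a superuser nor the schema owner CREATE objects there, which is the first precondition of CVE-2022-2625 as described in the CVE text further down this page (permission to create non-temporary objects in a schema where an administrator later creates or updates an extension). Assumptions: psql is entered through `scl enable rh-postgresql10`, connection parameters (PGDATABASE, PGHOST and so on) come from the environment, and the reference hash used by the hash check is the advisory's own SRPM SHA-256 copied from the table below.

```shell
#!/bin/sh
# Added example, not part of RHSA-2023:0160 or of Red Hat tooling.
# Triage a RHEL 7 host running the rh-postgresql10 software collection:
#   1. is the installed rh-postgresql10-postgresql-server older than the
#      fixed build 10.23-1.el7 named in the advisory?
#   2. does a downloaded RPM match the SHA-256 the advisory lists?
#   3. which schemas hold an extension while also letting a role that is
#      neither superuser nor schema owner CREATE objects there? That is the
#      first precondition of CVE-2022-2625 on an unpatched server.
# Assumptions: psql is reached through `scl enable rh-postgresql10`; the
# connection (PGDATABASE, PGHOST, ...) is configured in the environment.

FIXED_VERSION="10.23"   # upstream version shipped by the advisory
FIXED_RELEASE="1"       # RPM release of the advisory packages (10.23-1.el7)
# SHA-256 of the advisory's SRPM, copied from its package table; used below
# only as a reference value for the hash check.
SRPM_SHA256="a9016c7c733d380a5476508e8bfe7d0ef4cfdabb764f7d61de64b926ba87467d"

# version_lt A B: exit 0 if dotted numeric version A sorts before B.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"              # leading field of each
        [ "$x" = "$a" ] && a="" || a="${a#*.}"  # drop it, or mark exhausted
        [ "$y" = "$b" ] && b="" || b="${b#*.}"
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1                                    # versions are equal
}

# needs_update VERSION-RELEASE: exit 0 if an installed string such as
# "10.22-1.el7" predates the advisory's 10.23-1. A missing release counts as 0.
needs_update() {
    ver="${1%%-*}"
    case "$1" in
        *-*) rel="${1#*-}"; rel="${rel%%.*}" ;;   # "1.el7" -> "1"
        *)   rel=0 ;;
    esac
    if version_lt "$ver" "$FIXED_VERSION"; then return 0; fi
    if version_lt "$FIXED_VERSION" "$ver"; then return 1; fi
    [ "$rel" -lt "$FIXED_RELEASE" ]
}

# verify_rpm_sha256 FILE EXPECTED: exit 0 if FILE hashes to EXPECTED.
verify_rpm_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$1" | cut -d' ' -f1)
    else
        actual=$(shasum -a 256 "$1" | cut -d' ' -f1)
    fi
    [ "$actual" = "$2" ]
}

# check_installed_rpm: ask rpm for the installed server package and report.
check_installed_rpm() {
    pkg="rh-postgresql10-postgresql-server"
    vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$pkg" 2>/dev/null | head -n 1)
    if [ -z "$vr" ]; then
        echo "$pkg is not installed"
        return 2
    fi
    if needs_update "$vr"; then
        echo "$pkg $vr predates the fix: run  yum update 'rh-postgresql10-postgresql*'"
        return 0
    fi
    echo "$pkg $vr already carries the fix from RHSA-2023:0160"
    return 1
}

# list_exposed_schemas: one row per (schema, role) where the schema holds an
# installed extension and the role, although neither superuser nor owner,
# may CREATE objects in it. Output columns: schema|owner|role|extensions.
list_exposed_schemas() {
    scl enable rh-postgresql10 -- psql -X -At -F '|' <<'SQL'
SELECT n.nspname, pg_get_userbyid(n.nspowner), r.rolname,
       string_agg(e.extname::text, ',' ORDER BY e.extname)
  FROM pg_namespace n
  JOIN pg_extension e ON e.extnamespace = n.oid
  JOIN pg_roles r ON NOT r.rolsuper
                 AND r.oid <> n.nspowner
                 AND has_schema_privilege(r.oid, n.oid, 'CREATE')
 WHERE n.nspname NOT LIKE 'pg\_%' AND n.nspname <> 'information_schema'
 GROUP BY 1, 2, 3
 ORDER BY 1, 3;
SQL
}

if command -v rpm >/dev/null 2>&1; then
    check_installed_rpm || :
fi
if command -v scl >/dev/null 2>&1 && [ -n "$PGDATABASE" ]; then
    list_exposed_schemas
fi
```

The schema query reports privileges that arrive through PUBLIC as well, so a `public` schema with default permissions and an extension installed in it will list every role; that is precisely the situation the CVE text describes, and the fixed server refuses to let an extension script adopt such a pre-existing object. Revoking CREATE on those schemas from roles that do not need it removes the precondition for roles you cannot trust, but it is an addition to the update, not a replacement for it: the advisory's fix lives in the server, not in individual extensions.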
Affected Products
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
- Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
- Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
Fixes
- BZ - 2113825 - CVE-2022-2625 postgresql: Extension scripts replace objects not belonging to the extension.
- BZ - 2157611 - rh-postgresql10-postgresql: Update to the latest PostgreSQL version 10.23 [rhscl-3.8.z]
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7
SRPM
rh-postgresql10-postgresql-10.23-1.el7.src.rpm
SHA-256: a9016c7c733d380a5476508e8bfe7d0ef4cfdabb764f7d61de64b926ba87467d
x86_64
rh-postgresql10-postgresql-10.23-1.el7.x86_64.rpm
SHA-256: 9e8e137de06799180dcda9945ad969f97474c8d1de36c4d13c0c3c7a9d792025
rh-postgresql10-postgresql-contrib-10.23-1.el7.x86_64.rpm
SHA-256: 50c4d2a5e03b9083146c5bf6457bf5e85699f25466c692919c5b85c3fd6f698b
rh-postgresql10-postgresql-contrib-syspaths-10.23-1.el7.x86_64.rpm
SHA-256: 819b433bd854c822822c4cde614e79412fb5643345ad34fa3346095abee28db8
rh-postgresql10-postgresql-debuginfo-10.23-1.el7.x86_64.rpm
SHA-256: eca99649c1388b889f28e5aefd7258eaa39728cb02d51aa56db302cd03fbc6dd
rh-postgresql10-postgresql-devel-10.23-1.el7.x86_64.rpm
SHA-256: 2785082807d70a56c48e1d9705a61e92f637bf0727e882e5981a43aa9218beb7
rh-postgresql10-postgresql-docs-10.23-1.el7.x86_64.rpm
SHA-256: 7287e787bce8ed2846c082fbaaa0a15d792ae37dcad67724d05d8159a6a3e6ed
rh-postgresql10-postgresql-libs-10.23-1.el7.x86_64.rpm
SHA-256: 13fd021d8e50d783f69e246cd3b922c2116d6b4238e937d3e5dcd31a6f07e084
rh-postgresql10-postgresql-plperl-10.23-1.el7.x86_64.rpm
SHA-256: 4dc346633af3d9ef6b44e187020ba5e6ffa074680eceb4ab3e539a0ddd1935d4
rh-postgresql10-postgresql-plpython-10.23-1.el7.x86_64.rpm
SHA-256: ddaa99baa1524419459149cc6189e6235ea34d939a47416a8b86cdf943059909
rh-postgresql10-postgresql-pltcl-10.23-1.el7.x86_64.rpm
SHA-256: 65c937d1b09ba6e386a072c301cad9a0ccd6a8ba69664919afdfcee925611f4d
rh-postgresql10-postgresql-server-10.23-1.el7.x86_64.rpm
SHA-256: 564b2fe0a795de2065c4a219a67c01ccacbb7e858a6422acaa8a893cc4f643b4
rh-postgresql10-postgresql-server-syspaths-10.23-1.el7.x86_64.rpm
SHA-256: 78d23898ec3c1a6f8bfe577634e480e6687a11eca0e10d755fb2839a7d60de02
rh-postgresql10-postgresql-static-10.23-1.el7.x86_64.rpm
SHA-256: 61686f8cddb237cdccd6bbffb771c22a7ca0854322641d3ca235c63466782d4e
rh-postgresql10-postgresql-syspaths-10.23-1.el7.x86_64.rpm
SHA-256: cde1968ca15b24c42f5a51967b4a8a2dbaa2ad962de52959887ff0063bc55804
rh-postgresql10-postgresql-test-10.23-1.el7.x86_64.rpm
SHA-256: 95ed1005a6f7a6028d1fb7a47a3efbf06ce22a6a473f5773e7d934b67fc1d8cf
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7
SRPM
rh-postgresql10-postgresql-10.23-1.el7.src.rpm
SHA-256: a9016c7c733d380a5476508e8bfe7d0ef4cfdabb764f7d61de64b926ba87467d
s390x
rh-postgresql10-postgresql-10.23-1.el7.s390x.rpm
SHA-256: af8537492b5e222bb9da33a9f134429e3a4a47adcc9ebc73d3089dc4144ac214
rh-postgresql10-postgresql-contrib-10.23-1.el7.s390x.rpm
SHA-256: 397b0a7c2c509fdb28b9bc66f9dc0d22a8dda0d0f6cb55e7fdf83db1222242f9
rh-postgresql10-postgresql-contrib-syspaths-10.23-1.el7.s390x.rpm
SHA-256: ae0041713fe436386c8f3fc6871ce71583ae997ee083c346ca92d1ad2d97da31
rh-postgresql10-postgresql-debuginfo-10.23-1.el7.s390x.rpm
SHA-256: bc2754118c020d5478b535c889a0b92fe3a0e567b463037ada9c6a1e33e11f14
rh-postgresql10-postgresql-devel-10.23-1.el7.s390x.rpm
SHA-256: fdf12904b623f6b46fe6ca58534340b06509977b116126aa700a75b8db2ca93d
rh-postgresql10-postgresql-docs-10.23-1.el7.s390x.rpm
SHA-256: f037a2c8d0fa74c0289fa815d08c6fb05c5728b88e5f5dc0a4d2fd87bab6fd71
rh-postgresql10-postgresql-libs-10.23-1.el7.s390x.rpm
SHA-256: c44cca713734714538a3005d0a3ba41daf6eda28333731479838137dbd36663d
rh-postgresql10-postgresql-plperl-10.23-1.el7.s390x.rpm
SHA-256: 7ded767983f0fd180379e5f5d78445d4ca2c16d08299f0377d9d3deeddcd092c
rh-postgresql10-postgresql-plpython-10.23-1.el7.s390x.rpm
SHA-256: 7666cde9bf161f8eca8de4fa93474be9ed03ad2293bc6a265ef2dcfbce922923
rh-postgresql10-postgresql-pltcl-10.23-1.el7.s390x.rpm
SHA-256: 91eb6d5a2f6a220d10dfe13256ca88e45ba0bfdf4d818bb5adfac33c725d7535
rh-postgresql10-postgresql-server-10.23-1.el7.s390x.rpm
SHA-256: 4bda45bed83e94085d214d00ca0a0b636f8549494caafa7821e3164caab95a6d
rh-postgresql10-postgresql-server-syspaths-10.23-1.el7.s390x.rpm
SHA-256: 787a0695ba91fe27e5f035b8507b58bd06ca8adae75080c2f76de5c445782291
rh-postgresql10-postgresql-static-10.23-1.el7.s390x.rpm
SHA-256: 1e289ec54e74433febba2a79aee749da9188889c0bf4d16fcc9258f591c9fbae
rh-postgresql10-postgresql-syspaths-10.23-1.el7.s390x.rpm
SHA-256: 37efedd8568471c57c7b1d5cd986efb54902eb02019a604dda7c1d4fd8e8dbeb
rh-postgresql10-postgresql-test-10.23-1.el7.s390x.rpm
SHA-256: 0c8c206e27ce9308bea4f70db28f44093c6cc65a80bd679e9351870d3580cb2d
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7
SRPM
rh-postgresql10-postgresql-10.23-1.el7.src.rpm
SHA-256: a9016c7c733d380a5476508e8bfe7d0ef4cfdabb764f7d61de64b926ba87467d
ppc64le
rh-postgresql10-postgresql-10.23-1.el7.ppc64le.rpm
SHA-256: 3a975bd0df861487042a234a4d0bbb68856d5cbeb67c5826a97aefd444ea705c
rh-postgresql10-postgresql-contrib-10.23-1.el7.ppc64le.rpm
SHA-256: c2250f60b815defcd8379cb63e1ea3c7073af8ed35b75f3dc9dcb002551fae00
rh-postgresql10-postgresql-contrib-syspaths-10.23-1.el7.ppc64le.rpm
SHA-256: 58aa16ce0eaa60d74fc29422dbbe3ebff0f5a490c15f48050a6b0ab4e88f9a0e
rh-postgresql10-postgresql-debuginfo-10.23-1.el7.ppc64le.rpm
SHA-256: b819a3d165143edd6283e8c43d029af2d61e06519fb2a02d9f03d91bbaf93cd2
rh-postgresql10-postgresql-devel-10.23-1.el7.ppc64le.rpm
SHA-256: 1cd40e1dc4a2cabbde656ddbe9c1f022aabc20750393d21caeed9ad8d398fbfe
rh-postgresql10-postgresql-docs-10.23-1.el7.ppc64le.rpm
SHA-256: ba6a8e4781b89f30da58e84806d986e0dfe1ad86666ce8e335d4e0b550eaeab8
rh-postgresql10-postgresql-libs-10.23-1.el7.ppc64le.rpm
SHA-256: 2e36bf7f18cd587c570339c06b37220ab80fa2d78f868d7006590ba2818d6526
rh-postgresql10-postgresql-plperl-10.23-1.el7.ppc64le.rpm
SHA-256: 2e48e0649b741657737406537adf368fd705e3c8428f4ae36b30142199109e6b
rh-postgresql10-postgresql-plpython-10.23-1.el7.ppc64le.rpm
SHA-256: 3938a0b02c25c808c434635dd9e6d9d8ace897f0845cde20dc97c36745dc8430
rh-postgresql10-postgresql-pltcl-10.23-1.el7.ppc64le.rpm
SHA-256: 557d8c5805558f8c470e0673bdd9c2fb4fcb8ec431686c51ed42bdb9b0e0508e
rh-postgresql10-postgresql-server-10.23-1.el7.ppc64le.rpm
SHA-256: 24de036895da83e764f5b0623a96f969103d8806c5fed7bb44386d821ebb2377
rh-postgresql10-postgresql-server-syspaths-10.23-1.el7.ppc64le.rpm
SHA-256: 07defd5c53809d2ffebdb084f39e96a40fff505a7b42e58f24a856b1fda4b780
rh-postgresql10-postgresql-static-10.23-1.el7.ppc64le.rpm
SHA-256: 544282847f4d9fc629b6aad77bab0ae6a341e8b9fd0a8f4aa044a0480b1aa77c
rh-postgresql10-postgresql-syspaths-10.23-1.el7.ppc64le.rpm
SHA-256: 4bbba2a2c9b465671a078a2bd18c4a72a14c31fe380cd234d1d70b423bf9b0e5
rh-postgresql10-postgresql-test-10.23-1.el7.ppc64le.rpm
SHA-256: de4bc7ff09d29df834a411b7cf29b4f6e46c8048fc440428a424857b7e6ca685
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7
SRPM
rh-postgresql10-postgresql-10.23-1.el7.src.rpm
SHA-256: a9016c7c733d380a5476508e8bfe7d0ef4cfdabb764f7d61de64b926ba87467d
x86_64
rh-postgresql10-postgresql-10.23-1.el7.x86_64.rpm
SHA-256: 9e8e137de06799180dcda9945ad969f97474c8d1de36c4d13c0c3c7a9d792025
rh-postgresql10-postgresql-contrib-10.23-1.el7.x86_64.rpm
SHA-256: 50c4d2a5e03b9083146c5bf6457bf5e85699f25466c692919c5b85c3fd6f698b
rh-postgresql10-postgresql-contrib-syspaths-10.23-1.el7.x86_64.rpm
SHA-256: 819b433bd854c822822c4cde614e79412fb5643345ad34fa3346095abee28db8
rh-postgresql10-postgresql-debuginfo-10.23-1.el7.x86_64.rpm
SHA-256: eca99649c1388b889f28e5aefd7258eaa39728cb02d51aa56db302cd03fbc6dd
rh-postgresql10-postgresql-devel-10.23-1.el7.x86_64.rpm
SHA-256: 2785082807d70a56c48e1d9705a61e92f637bf0727e882e5981a43aa9218beb7
rh-postgresql10-postgresql-docs-10.23-1.el7.x86_64.rpm
SHA-256: 7287e787bce8ed2846c082fbaaa0a15d792ae37dcad67724d05d8159a6a3e6ed
rh-postgresql10-postgresql-libs-10.23-1.el7.x86_64.rpm
SHA-256: 13fd021d8e50d783f69e246cd3b922c2116d6b4238e937d3e5dcd31a6f07e084
rh-postgresql10-postgresql-plperl-10.23-1.el7.x86_64.rpm
SHA-256: 4dc346633af3d9ef6b44e187020ba5e6ffa074680eceb4ab3e539a0ddd1935d4
rh-postgresql10-postgresql-plpython-10.23-1.el7.x86_64.rpm
SHA-256: ddaa99baa1524419459149cc6189e6235ea34d939a47416a8b86cdf943059909
rh-postgresql10-postgresql-pltcl-10.23-1.el7.x86_64.rpm
SHA-256: 65c937d1b09ba6e386a072c301cad9a0ccd6a8ba69664919afdfcee925611f4d
rh-postgresql10-postgresql-server-10.23-1.el7.x86_64.rpm
SHA-256: 564b2fe0a795de2065c4a219a67c01ccacbb7e858a6422acaa8a893cc4f643b4
rh-postgresql10-postgresql-server-syspaths-10.23-1.el7.x86_64.rpm
SHA-256: 78d23898ec3c1a6f8bfe577634e480e6687a11eca0e10d755fb2839a7d60de02
rh-postgresql10-postgresql-static-10.23-1.el7.x86_64.rpm
SHA-256: 61686f8cddb237cdccd6bbffb771c22a7ca0854322641d3ca235c63466782d4e
rh-postgresql10-postgresql-syspaths-10.23-1.el7.x86_64.rpm
SHA-256: cde1968ca15b24c42f5a51967b4a8a2dbaa2ad962de52959887ff0063bc55804
rh-postgresql10-postgresql-test-10.23-1.el7.x86_64.rpm
SHA-256: 95ed1005a6f7a6028d1fb7a47a3efbf06ce22a6a473f5773e7d934b67fc1d8cf
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-7695-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-7694-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-7580-01 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-7545-01 - An update for postgresql is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
An update for postgresql is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2625: A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT ...
An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2625: A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or ...
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
Red Hat Security Advisory 2023-0160-01 - PostgreSQL is an advanced object-relational database management system.
Red Hat Security Advisory 2023-0113-01 - PostgreSQL is an advanced object-relational database management system.
An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2625: postgresql: Extension scripts replace objects not belonging to the extension.
Gentoo Linux Security Advisory 202211-4 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in remote code execution. Versions greater than or equal to 10.22:10 are affected.
An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2625: postgresql: Extension scripts replace objects not belonging to the extension.
Ubuntu Security Notice 5571-1 - Sven Klemm discovered that PostgreSQL incorrectly handled extensions. An attacker could possibly use this issue to execute arbitrary code when extensions are created or updated.
A vulnerability found in postgresql. On this security issue an attack requires permission to create non-temporary objects in at least one schema, ability to lure or wait for an administrator to create or update an affected extension in that schema, and ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, the attacker can run arbitrary code as the victim role, which may be a superuser. Known-affected extensions include both PostgreSQL-bundled and non-bundled extensions. PostgreSQL blocks this attack in the core server, so there's no need to modify individual extensions.
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.