RHSA-2022:4929: Red Hat Security Advisory: rh-postgresql13-postgresql security update
An update for rh-postgresql13-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-1552: postgresql: Autovacuum, REINDEX, and others omit “security restricted operation” sandbox
Issued: 2022-06-07
Updated: 2022-06-07
RHSA-2022:4929 - Security Advisory
Synopsis
Important: rh-postgresql13-postgresql security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-postgresql13-postgresql is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
PostgreSQL is an advanced object-relational database management system (DBMS).
The following packages have been upgraded to a later upstream version: rh-postgresql13-postgresql (13.7).
Security Fix(es):
- postgresql: Autovacuum, REINDEX, and others omit “security restricted operation” sandbox (CVE-2022-1552)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
If the postgresql service is running, it will be automatically restarted after installing this update.
Affected Products
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
- Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
- Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
Fixes
- BZ - 2081126 - CVE-2022-1552 postgresql: Autovacuum, REINDEX, and others omit “security restricted operation” sandbox
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7
SRPM
rh-postgresql13-postgresql-13.7-1.el7.src.rpm
x86_64
rh-postgresql13-postgresql-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-contrib-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-contrib-syspaths-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-debuginfo-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-devel-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-docs-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-libs-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-plperl-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-plpython-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-plpython3-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-pltcl-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-server-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-server-syspaths-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-static-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-syspaths-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-test-13.7-1.el7.x86_64.rpm
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7
SRPM
rh-postgresql13-postgresql-13.7-1.el7.src.rpm
s390x
rh-postgresql13-postgresql-13.7-1.el7.s390x.rpm
rh-postgresql13-postgresql-contrib-13.7-1.el7.s390x.rpm
rh-postgresql13-postgresql-contrib-syspaths-13.7-1.el7.s390x.rpm
rh-postgresql13-postgresql-debuginfo-13.7-1.el7.s390x.rpm
rh-postgresql13-postgresql-devel-13.7-1.el7.s390x.rpm
rh-postgresql13-postgresql-docs-13.7-1.el7.s390x.rpm
rh-postgresql13-postgresql-libs-13.7-1.el7.s390x.rpm
rh-postgresql13-postgresql-plperl-13.7-1.el7.s390x.rpm
rh-postgresql13-postgresql-plpython-13.7-1.el7.s390x.rpm
rh-postgresql13-postgresql-plpython3-13.7-1.el7.s390x.rpm
rh-postgresql13-postgresql-pltcl-13.7-1.el7.s390x.rpm
rh-postgresql13-postgresql-server-13.7-1.el7.s390x.rpm
rh-postgresql13-postgresql-server-syspaths-13.7-1.el7.s390x.rpm
rh-postgresql13-postgresql-static-13.7-1.el7.s390x.rpm
rh-postgresql13-postgresql-syspaths-13.7-1.el7.s390x.rpm
rh-postgresql13-postgresql-test-13.7-1.el7.s390x.rpm
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7
SRPM
rh-postgresql13-postgresql-13.7-1.el7.src.rpm
ppc64le
rh-postgresql13-postgresql-13.7-1.el7.ppc64le.rpm
rh-postgresql13-postgresql-contrib-13.7-1.el7.ppc64le.rpm
rh-postgresql13-postgresql-contrib-syspaths-13.7-1.el7.ppc64le.rpm
rh-postgresql13-postgresql-debuginfo-13.7-1.el7.ppc64le.rpm
rh-postgresql13-postgresql-devel-13.7-1.el7.ppc64le.rpm
rh-postgresql13-postgresql-docs-13.7-1.el7.ppc64le.rpm
rh-postgresql13-postgresql-libs-13.7-1.el7.ppc64le.rpm
rh-postgresql13-postgresql-plperl-13.7-1.el7.ppc64le.rpm
rh-postgresql13-postgresql-plpython-13.7-1.el7.ppc64le.rpm
rh-postgresql13-postgresql-plpython3-13.7-1.el7.ppc64le.rpm
rh-postgresql13-postgresql-pltcl-13.7-1.el7.ppc64le.rpm
rh-postgresql13-postgresql-server-13.7-1.el7.ppc64le.rpm
rh-postgresql13-postgresql-server-syspaths-13.7-1.el7.ppc64le.rpm
rh-postgresql13-postgresql-static-13.7-1.el7.ppc64le.rpm
rh-postgresql13-postgresql-syspaths-13.7-1.el7.ppc64le.rpm
rh-postgresql13-postgresql-test-13.7-1.el7.ppc64le.rpm
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7
SRPM
rh-postgresql13-postgresql-13.7-1.el7.src.rpm
x86_64
rh-postgresql13-postgresql-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-contrib-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-contrib-syspaths-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-debuginfo-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-devel-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-docs-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-libs-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-plperl-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-plpython-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-plpython3-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-pltcl-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-server-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-server-syspaths-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-static-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-syspaths-13.7-1.el7.x86_64.rpm
rh-postgresql13-postgresql-test-13.7-1.el7.x86_64.rpm
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.