Headline
RHSA-2023:1576: Red Hat Security Advisory: postgresql:13 security update
An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-2625: A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.
- CVE-2022-41862: A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
Issued:
2023-04-04
Updated:
2023-04-04
RHSA-2023:1576 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: postgresql:13 security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
- postgresql: Extension scripts replace objects not belonging to the extension. (CVE-2022-2625)
- postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
If the postgresql service is running, it will be automatically restarted after installing this update.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2113825 - CVE-2022-2625 postgresql: Extension scripts replace objects not belonging to the extension.
- BZ - 2165722 - CVE-2022-41862 postgresql: Client memory disclosure when connecting with Kerberos to modified server
Red Hat Enterprise Linux for x86_64 8
SRPM
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.src.rpm
SHA-256: cf5bb68a93506815947a641a4bae89bc8fc115702e717c450fc3e37a54ad3976
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.src.rpm
SHA-256: 69d37c6427f18ed1bd6d29cb2f54e083fb125c162fcb59a687c67528a2fb08e9
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.src.rpm
SHA-256: 1afa4d664011737a91d8efe7f3ba1f1f9bd6c8e7c510d867bbd1ff41832fe95a
postgresql-13.10-1.module+el8.7.0+18279+1ca8cf12.src.rpm
SHA-256: fd2cc44a7863e6d94be2ed0bdde701959ab8e9cb88983a81aced694f119b077f
x86_64
postgresql-test-rpm-macros-13.10-1.module+el8.7.0+18279+1ca8cf12.noarch.rpm
SHA-256: a0196cdd533aeabcbaae4e7b75704af7ab4eac8a8cda43f9ba0db543c3a82de2
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm
SHA-256: ca85a22006bcc34f5c248b316e7cd4f4e85dd9b567d2c981f74d379062c844b4
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm
SHA-256: 557512e3ee00e5a6d5ff46d4443efd853f36d6030c9ed8776c0915d29d081f60
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm
SHA-256: ab85bdfa7d6d9b2e50f316880881239ce99e0915979a65b144349b95b844fa6b
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm
SHA-256: 0ee2cdf7b40988a40a70294764149d58ef44f12b69ac85752465444a5b011340
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm
SHA-256: ed444ce541962f85a37cae58466a203788f69a184d7dbeec159d7b424ab0ff8c
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm
SHA-256: 3092f6f3bd32f8b30489fed2aad9d9884f77da6872a53d6b183a49b0224e7d91
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm
SHA-256: c2d5f6f1d41fd29098090d75b4927696fc01450d42ae75311c14056e574645c0
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm
SHA-256: 7275a1229edefdcf0df138ea35e317fb9143461c6122cb4c8a3ec2821f5e1b65
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm
SHA-256: c7145f0c47def50c037cd2694d408fa03627e7581a1303e8d7ccfb5cf47918e6
postgresql-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: ae94b5bba4c1981093aedfec5abea73ed8015c446e212d0260c9ad6ee2640c43
postgresql-contrib-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: 8947d9b103d64bcc5a4b3623535f41be6eda15934cb3de8a7400f0a846a61495
postgresql-contrib-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: dc3ee58cbe1da3ff9e7aa19858d8f0e4933bd13248c56d6549f985ee3742e4ba
postgresql-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: 52b63c88b508bb66c4910b1ffbc90497e73ffc183401e1a9693ef161b0ff89a3
postgresql-debugsource-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: 03cc0f8b3dd2f7de52897e287b1097f781a177df3dd92335d50d1f2f5a5cbdc2
postgresql-docs-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: 691a7889262b4d2c5486113eb6e6b177f601c10190728d5cd913afcf37fe07a8
postgresql-docs-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: 424b7ff2ad87eff5019faf02025bd998600474226f9550ccedef24ec45a75de0
postgresql-plperl-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: 73f19428f22ccf98d4bbf629bea6b211f6071eb7123538364f85ea2d455f640a
postgresql-plperl-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: 6d2a644788741776224574ae412ca551a71d137edbc50067b8d6e84c15c4b494
postgresql-plpython3-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: 8bce70053aaf7e09e062683d6ce848b0f7baf67384311fd2a6c4e8c4cebb223b
postgresql-plpython3-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: ebcd71312ae5f6facb9d5be3df11b1c07a709d9a1dd2ae5150008421440955bd
postgresql-pltcl-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: fefd6e6db7af7c179a1f3e061f9e0332b2267c44401037657acbd0cbd2050e83
postgresql-pltcl-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: a677ecabebb156774acdab70defe77fb6aef9b96bdcf980c051eeeef7e4bf1c8
postgresql-server-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: af5e92721b6ce3b0c1cfeeebf00bb0ef6a43e41d2c60bd26f56a2886b614a692
postgresql-server-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: a79ee607cadb85187c600cfc56da09256ea3e5fca2e00f93c9309332bad3ec33
postgresql-server-devel-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: 006942d32ae6609ea16bd4a6678a71b01f83fd0fb4f95f749180db29dd463fba
postgresql-server-devel-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: 776a94360230af4fe48abedaa2ec2fd61dba847001d6f935f6044a6ab9901c2e
postgresql-static-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: b4b6d8eff50c53198301ff613199a6b4558f245dbc56f6af89536b57128bcdad
postgresql-test-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: cd51f99ee91afd610126a16740d4350f3142369ccb1a234085e7422a85895bc5
postgresql-test-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: 187a93e3af9fb3b62d40606b26edb052367535e100ff0de18c634d1f92a58cbb
postgresql-upgrade-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: 57816d71489b217e0726ec2a0e9f03f25feab44fa022ed173604446e8bf2ff11
postgresql-upgrade-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: db2955c0b77df1b05d3d87efab1b6870d3001c96cc926879891cca6eca255c04
postgresql-upgrade-devel-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: a1160552b2bb6a5a2bc16748cf7d60c0c934b5a9bc2daa7733f43a825f9323b3
postgresql-upgrade-devel-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.x86_64.rpm
SHA-256: 552f56c2dd93638ca4d62a2cc3ab63d81217465b4b24d10d8015028b6a5815ad
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.src.rpm
SHA-256: cf5bb68a93506815947a641a4bae89bc8fc115702e717c450fc3e37a54ad3976
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.src.rpm
SHA-256: 69d37c6427f18ed1bd6d29cb2f54e083fb125c162fcb59a687c67528a2fb08e9
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.src.rpm
SHA-256: 1afa4d664011737a91d8efe7f3ba1f1f9bd6c8e7c510d867bbd1ff41832fe95a
postgresql-13.10-1.module+el8.7.0+18279+1ca8cf12.src.rpm
SHA-256: fd2cc44a7863e6d94be2ed0bdde701959ab8e9cb88983a81aced694f119b077f
s390x
postgresql-test-rpm-macros-13.10-1.module+el8.7.0+18279+1ca8cf12.noarch.rpm
SHA-256: a0196cdd533aeabcbaae4e7b75704af7ab4eac8a8cda43f9ba0db543c3a82de2
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.s390x.rpm
SHA-256: 7a60a8ed33607145d43240aaf95141da8897d2114d285dd86004c3135a18e46d
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.s390x.rpm
SHA-256: 60624bd5d1e587416bba26c08421a2533e0a079f6d20efb68d3df3f1acad429f
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.s390x.rpm
SHA-256: 03c2192b73f553d942e2555859094980194492204a3f3fd2ddde792fa77233e0
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm
SHA-256: f9cf8209959572394a7e03b2649dec1a39fda2b6ca6296690c70ba24405cb14b
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm
SHA-256: d77338df6ffa262a52058e53f3c4c90f652b3a62b6b8540e91d74eef7916772a
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm
SHA-256: 4002eb3f2d7127cbeccc94cbfae75577465e98aec4e7ec78c113948fec8e1c75
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm
SHA-256: 760e222272cb60e98b19c48ca16bc0edcea65d2373aa0d58e5cd7808b6ba4aa6
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm
SHA-256: e7f2a7185ab0073ae411a5d6ff7b86d0980192f064c0786cada8ab80ffb589ce
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm
SHA-256: b234ae1e6bb229ede778883dc38000f233a643a06118cb50861964dca424dff4
postgresql-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: 884dcd5aacde8598df0147fe188dc6f54e94e11211f56caee725c59c6dead3b8
postgresql-contrib-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: df66b39013401ce7487984eb1a71b70de90d5621ccf69388139203feb3395b67
postgresql-contrib-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: e9c5380746653892d9a17c04e3df06a192fa78065be10a3bfc852b7f46491972
postgresql-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: 05239b98e81ba4b1a5e25c45734e8a36633bf090622104b21dbe45add14365b1
postgresql-debugsource-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: b7c94cf8b56bf52bbb4b7fa94f22a8ddbd6f849a059db75d9ce6c9b7cc5c9ac1
postgresql-docs-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: a28d1a8846e8fba6008dbd1f5248955b63723bc9db46d9a6536241bf466f4526
postgresql-docs-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: 25313b3b8c3284dbdb94ebda6f7f62cb0b91ac9580eb1c94e193a5bb3ee857a7
postgresql-plperl-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: 343caedccb15607c57cbfff7a4e3ae11edcbb353d4f5ae252392b3a0fa9e0123
postgresql-plperl-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: 8ff4118b89b38c300b453111a7d6905580f4f965ab0c2a70015b9d9fbed8ebaf
postgresql-plpython3-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: e5bc1cc3df8692b30f9b1763f5e8dfab2ecebb0bf44e371b2fe64c9b7a56adbe
postgresql-plpython3-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: 39c682ca5ef20df035c0664aa4a832905be3c4dcfd189d82d7ae8480e8fb1858
postgresql-pltcl-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: a28ea5b1bae642145763eabaa799591055a61767b931c63df0abd704e231cce3
postgresql-pltcl-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: faa230c63af60cd2b16999f351110379f59ef5389388e8489be058bd9fdddb53
postgresql-server-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: dbe1f7884a73b2509ec3a36cda3fc977df09b042b9cd30cbef10e80cf9395157
postgresql-server-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: 855ebb4c3582ca0bc16fa7c8d9a00b020546af940e9bba998e5fa16d285bb834
postgresql-server-devel-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: 14867fcb8b4aae4b3c229f08d8b288a4c9b29b4ecf2c42f30a1c1bdb7d6f742f
postgresql-server-devel-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: f274a60f55e6e0148930ac4ac3511457a3f7c8fef3997ede39786e56a62798c2
postgresql-static-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: beb1eb7401a88f86af3309ab8c486b154d91234349078189311d0c89b26ee0ac
postgresql-test-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: 97dddd7d0a5c853f27102da0a960a4af40e55b55dc809ca109b617445db53c01
postgresql-test-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: 11124977d70fb14f36939b08222e7a0da07bcfac18bceada247d790186d40cd8
postgresql-upgrade-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: e511b23a8dc7639e5be56809bb9e9e4c2aefc449450dec9fad97cf52f6382054
postgresql-upgrade-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: d3f76b8d198c00bc56c2b2841c66a659b3587cb8e92dbfcf25b1f9d6577b97ec
postgresql-upgrade-devel-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: 375996ada0b693c806b64f997f5daa373199a8360fa29c5e9345f180b0479978
postgresql-upgrade-devel-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.s390x.rpm
SHA-256: 81c6f468adae0869e4f7a6e04cc32b122c2745aa2f6645fe9c0fbf3957e7ca51
Red Hat Enterprise Linux for Power, little endian 8
SRPM
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.src.rpm
SHA-256: cf5bb68a93506815947a641a4bae89bc8fc115702e717c450fc3e37a54ad3976
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.src.rpm
SHA-256: 69d37c6427f18ed1bd6d29cb2f54e083fb125c162fcb59a687c67528a2fb08e9
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.src.rpm
SHA-256: 1afa4d664011737a91d8efe7f3ba1f1f9bd6c8e7c510d867bbd1ff41832fe95a
postgresql-13.10-1.module+el8.7.0+18279+1ca8cf12.src.rpm
SHA-256: fd2cc44a7863e6d94be2ed0bdde701959ab8e9cb88983a81aced694f119b077f
ppc64le
postgresql-test-rpm-macros-13.10-1.module+el8.7.0+18279+1ca8cf12.noarch.rpm
SHA-256: a0196cdd533aeabcbaae4e7b75704af7ab4eac8a8cda43f9ba0db543c3a82de2
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.ppc64le.rpm
SHA-256: c47c8749586d66dcfd4962ec9569eb5998350ec9ad674928127b2c9d5b03fa96
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.ppc64le.rpm
SHA-256: 8977835b7c78038685420c61c425e4320efec1ff33e3575b028101b83cd884e7
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.ppc64le.rpm
SHA-256: eb456a74a0688a01a88c8f9f2f191d0b17b3cadf1225407495764d6ae4aade04
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm
SHA-256: 9b26f16aba928fb478ebba330b899c4a4604e79c56253866c428ae8b60e93ed9
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm
SHA-256: ec5bcbd6843e2525540ca758b317a568bb874c6cb01e6af84a3fe8c5de8129ec
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm
SHA-256: 60786a39e82e43fbad96a9b9d23d6f0ee27fb3ae0260a6fcb26de8b1441cc963
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm
SHA-256: ebc43f633c563a8acbc32322a3a37038f3df4b864c4c155e988317f3abb02157
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm
SHA-256: 20a30321f5e2038ee6fa266037ad6e893e05460e449e5fa7a0dbce2fafff6e70
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm
SHA-256: 4468efa7f4edb7c037ae996285e9db41fba5a6417f0e762749e6b8d20e7faf3e
postgresql-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: 058db021d88a02fd4201f575c94935b384b5c4834ecf837b15c49e2615456eaa
postgresql-contrib-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: 51e3b02771ec6b029dadea267217604c3fd5c104907dfb29a65376784d8ff348
postgresql-contrib-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: 1b898ac061ba741b648cef5b72a99acf3c978f617a275b7a712b56a023fa458a
postgresql-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: ddd48bd7e7a5c647a7039e68117fce4bc48a17eb757ee812034eb82218801bac
postgresql-debugsource-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: 258c2a9731c1643c180372fba23797eb693c0c30e21124f0b3ad38fe89cbb9a3
postgresql-docs-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: 26655c705e31f5b348c2e2f51f0cb1ff063cd17cda959a5f00e904355db8694a
postgresql-docs-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: 3f6c19a377094c341981198a12942d0878cfbd0dfa1ce922769d4ab966ecfab8
postgresql-plperl-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: 9762345863c1e3a4012ff21166b206be4a7f83cf64cd126b4a4f3bf699b349f4
postgresql-plperl-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: 695628c50ddc246db6046d73013fe589caa30dfdc9d467c5e73f846c5781c2bc
postgresql-plpython3-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: cfde906d016641a5a8cc814d254e7de061032b96d152f61a1571370939162717
postgresql-plpython3-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: 32820a481877132e5dd3c3567593cf59c13d4de7934d44d424885cba04fad14a
postgresql-pltcl-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: a43a88f9b6e874fd5c09e512714228ec1e64c8aa876b7f63140e035ae8d7d216
postgresql-pltcl-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: 2c9973b7aafdb78f91473796c94ed177c6442cf0b1a963354a2185aca0105f00
postgresql-server-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: 6c8b400d47b720012adf1a9a8b8f1b598309f31a724966fc4e64c89e503cbdfc
postgresql-server-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: b7bce6b7c55633305f5666d41ad29254953c8ea86c94e41cebfde2533493617f
postgresql-server-devel-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: fef24bcefb0b93a03f4ef44ec18cffb626cf4a357f7c9baefe3d938a9c127490
postgresql-server-devel-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: 3718c73e73d0f2277354872fa5d9358c85f9b66c7806c31f76b35ecaa2c8ed61
postgresql-static-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: 0f9bfbe301dab1e1b79e6b4c92ecac88a343ad51053393672c50be74baca47a5
postgresql-test-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: f9a4b7b3c28a31c3a46cd198603a6f0bf739c05fa38569619c8a0ce786ee9f03
postgresql-test-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: cbdef96b42dd4349d2d8fa34664a8fc2a1f0bc6721e3af8c90c485a3693e4dfa
postgresql-upgrade-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: 9bbac1699e313aaf6d0efea81599633cadcf4047460e851098509d5b8e666775
postgresql-upgrade-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: d47e302ab204b7865ab36bfebb920b33525b6a3da35b3c09aaaaa70af69525cb
postgresql-upgrade-devel-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: ce3e27706e62305760fcfefaffefbc120812a04def6c7bb4b8ed260fa23eb7f5
postgresql-upgrade-devel-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.ppc64le.rpm
SHA-256: a244575e2f26ed8e86f07c5fdcde2c88d0afcec54c5fc0d5b6368c0fb398df13
Red Hat Enterprise Linux for ARM 64 8
SRPM
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.src.rpm
SHA-256: cf5bb68a93506815947a641a4bae89bc8fc115702e717c450fc3e37a54ad3976
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.src.rpm
SHA-256: 69d37c6427f18ed1bd6d29cb2f54e083fb125c162fcb59a687c67528a2fb08e9
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.src.rpm
SHA-256: 1afa4d664011737a91d8efe7f3ba1f1f9bd6c8e7c510d867bbd1ff41832fe95a
postgresql-13.10-1.module+el8.7.0+18279+1ca8cf12.src.rpm
SHA-256: fd2cc44a7863e6d94be2ed0bdde701959ab8e9cb88983a81aced694f119b077f
aarch64
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.aarch64.rpm
SHA-256: d99a475a7b2d480cf0eed7edb22605138df7c08488b078ff14ed4eb6fbafa4b9
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.aarch64.rpm
SHA-256: 400f4c749664e4598b1a59e2332908e945722ce8e9d20920e556dcb583929adb
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.aarch64.rpm
SHA-256: 416a853a0cb4312bef48c911f4aa3c8ede9670c93787e30966fb137d99e7b6a7
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm
SHA-256: 103aa3a6b510ad8e6245cf480e822813fbbad09c6e9605b8dadada683dfc5d81
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm
SHA-256: 6927582959b55ae72af8cbcd1cbb4e4b87d0af6afeb674130d22e4012b81430f
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm
SHA-256: c421803cce4119a2c933ecb3695bc3610197e99da86ed7ebafc0ae5cc4798ea4
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm
SHA-256: ada397cf543fdd49e00066e8fd41e7a53fbd7222ceb2e8a1ad9895b40dc991f7
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm
SHA-256: ffd0fc163297a18775abf4cfca0c60eff7f1c22a9a560a099d1249a9487eeab8
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm
SHA-256: fc532f6695c1f697afb3423500eecc2da90a8653f422fd7df258b471b99df3ec
postgresql-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: 898029a0574894a968f116c648a49c82a6ffd532a666d6052d115935dd817d90
postgresql-contrib-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: 0cf84395d735fb8d8fced9d62f3cf968d9a2e120b07570c13db53e536e5d187f
postgresql-contrib-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: c702fd5113a5878428327fcc86118793ce762f35e936592ff2b871816da8f0a6
postgresql-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: a085802437b6e8c5e7ad078c11d2aeb3e2bece7733c8222db9edae2d155ea2ea
postgresql-debugsource-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: aa35d582ff77e3bc433742c92af6342c6517e607667045b479345cc9c62cffed
postgresql-docs-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: ccf44d25fd29320b7ae9aea891b10ebbbd79601282cca6a82d7bd659ffc2fd22
postgresql-docs-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: cd5bbe35144a9ee3a37bc81f1505dfa8d4557a083c464ed26e3be7c10e2e4d51
postgresql-plperl-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: 8d9c03e64207aa2d7e33b8d5573ed47800989c6ed3c7f8c525f11c79909d4e2b
postgresql-plperl-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: 7681803614a70fcf9f862bbb98d6353cada7d1f634f59a5ab9ddaabde89335d6
postgresql-plpython3-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: 9bc4a6868f1aae9ae692dd1c3b98c8931ebad78aa8a0f750f8781fd696f4874b
postgresql-plpython3-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: 7932a5f4d62dfe31baeb31f3fcdf2f9c0d5d46d443a79f91387d10dd52912695
postgresql-pltcl-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: 49bbf12f8f19ff3a09f4ba079a6f05143dcb33ab18b6b4f3c47f76350e13af88
postgresql-pltcl-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: 94b85aad07247cc114b3e35e84d54b9bc29ce1ba14f0144cf68957308995eb92
postgresql-server-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: b6463aaabe2bf489c974043f72decb7b12932810dbebf587afec8f2b325941c6
postgresql-server-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: 5a9e24465f0c9a4d6082020f7e996c4c21a43dcd0a65565fc9bb7f5516687d00
postgresql-server-devel-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: d84d3a61acdc40680e89179721d0481692749cdbe6c21a1916358ac0e1ef6cbc
postgresql-server-devel-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: 15b825f93fff4268d495686e17fd553c5a8025d8718567842627f1086aea79bc
postgresql-static-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: dc7fffbfc9fee590f1d5fb3aff3530196a783403da3cc30e924ccfcd17ac471c
postgresql-test-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: d1fa9e6cbff12c2e906ae7b45b51688e5ba7c676f5933391db5982c807434bd6
postgresql-test-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: 00cd00dc4657ae8bb2eab3640cc237a96c650f1d04efab8bb5b71877caa0de4a
postgresql-test-rpm-macros-13.10-1.module+el8.7.0+18279+1ca8cf12.noarch.rpm
SHA-256: a0196cdd533aeabcbaae4e7b75704af7ab4eac8a8cda43f9ba0db543c3a82de2
postgresql-upgrade-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: 551a0deba96c31f2765b6f97602c694dbae16dac43f8a5b660df03680bb25625
postgresql-upgrade-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: 08a47987b8665e8bc513278c405a9b0478c4f98f30cc22be275ab4cfbbb07eb6
postgresql-upgrade-devel-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: 6b30da9779477144b6878aea9ad327485f755233a1fc00a0e004bd4795eaccfb
postgresql-upgrade-devel-debuginfo-13.10-1.module+el8.7.0+18279+1ca8cf12.aarch64.rpm
SHA-256: 5f3479a34b87edde80d9c4e2213ed31de14ef00ac7604ed4695bfa64a178955b
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-7695-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-7694-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-7667-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-7666-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-7580-01 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-7545-01 - An update for postgresql is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-4535-01 - PostgreSQL is an advanced object-relational database management system.
Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.
An update for postgresql is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2625: A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT ...
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
Ubuntu Security Notice 5906-1 - Jacob Champion discovered that the PostgreSQL client incorrectly handled Kerberos authentication. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to obtain sensitive information.
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
Red Hat Security Advisory 2023-0160-01 - PostgreSQL is an advanced object-relational database management system.
Red Hat Security Advisory 2023-0113-01 - PostgreSQL is an advanced object-relational database management system.
An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2625: postgresql: Extension scripts replace objects not belonging to the extension.
An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2625: postgresql: Extension scripts replace objects not belonging to the extension.
Gentoo Linux Security Advisory 202211-4 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in remote code execution. Versions greater than or equal to 10.22:10 are affected.
An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2625: postgresql: Extension scripts replace objects not belonging to the extension.
Ubuntu Security Notice 5571-1 - Sven Klemm discovered that PostgreSQL incorrectly handled extensions. An attacker could possibly use this issue to execute arbitrary code when extensions are created or updated.
A vulnerability found in postgresql. On this security issue an attack requires permission to create non-temporary objects in at least one schema, ability to lure or wait for an administrator to create or update an affected extension in that schema, and ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, the attacker can run arbitrary code as the victim role, which may be a superuser. Known-affected extensions include both PostgreSQL-bundled and non-bundled extensions. PostgreSQL blocks this attack in the core server, so there's no need to modify individual extensions.
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.