Headline
RHSA-2022:4913: Red Hat Security Advisory: rh-postgresql10-postgresql security update
An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-1552: postgresql: Autovacuum, REINDEX, and others omit “security restricted operation” sandbox
Issued: 2022-06-06
Updated: 2022-06-06
Synopsis
Important: rh-postgresql10-postgresql security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
PostgreSQL is an advanced object-relational database management system (DBMS).
The following packages have been upgraded to a later upstream version: rh-postgresql10-postgresql (10.21).
Security Fix(es):
- postgresql: Autovacuum, REINDEX, and others omit “security restricted operation” sandbox (CVE-2022-1552)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
If the postgresql service is running, it will be automatically restarted after installing this update.
Affected Products
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
- Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
- Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
Fixes
- BZ - 2081126 - CVE-2022-1552 postgresql: Autovacuum, REINDEX, and others omit “security restricted operation” sandbox
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.