Description
ELSA-2024-10882: postgresql security update (IMPORTANT)
[9.2.24-9.0.3]
- Fixes CVE-2024-10979 where environment variable mutations [Orabug: 37370704]
- are incorrectly allowed from trusted PL/Perl code
Updated packages
Oracle Linux 7
Oracle Linux aarch64
postgresql 9.2.24-9.0.3.el7_9
postgresql-contrib 9.2.24-9.0.3.el7_9
postgresql-devel 9.2.24-9.0.3.el7_9
postgresql-docs 9.2.24-9.0.3.el7_9
postgresql-libs 9.2.24-9.0.3.el7_9
postgresql-plperl 9.2.24-9.0.3.el7_9
postgresql-plpython 9.2.24-9.0.3.el7_9
postgresql-pltcl 9.2.24-9.0.3.el7_9
postgresql-server 9.2.24-9.0.3.el7_9
postgresql-test 9.2.24-9.0.3.el7_9
postgresql-static 9.2.24-9.0.3.el7_9
postgresql-upgrade 9.2.24-9.0.3.el7_9
Oracle Linux x86_64
postgresql-static 9.2.24-9.0.3.el7_9
postgresql-upgrade 9.2.24-9.0.3.el7_9
postgresql 9.2.24-9.0.3.el7_9
postgresql-contrib 9.2.24-9.0.3.el7_9
postgresql-devel 9.2.24-9.0.3.el7_9
postgresql-docs 9.2.24-9.0.3.el7_9
postgresql-libs 9.2.24-9.0.3.el7_9
postgresql-plperl 9.2.24-9.0.3.el7_9
postgresql-plpython 9.2.24-9.0.3.el7_9
postgresql-pltcl 9.2.24-9.0.3.el7_9
postgresql-server 9.2.24-9.0.3.el7_9
postgresql-test 9.2.24-9.0.3.el7_9
Related CVEs
Related vulnerabilities
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.