Описание
ELSA-2024-5999: postgresql security update (IMPORTANT)
[13.16-1.0.1]
- Remove non ASCII character from changelog date
[13.16-1]
- Update to 13.16
[13.14-2]
- Remove /var/run/postgresql
- Related: RHEL-25756
[13.14-1]
- Update to 13.14
- Fix CVE-2024-0985
[13.13-1]
- Update to 13.13
- Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, and CVE-2023-39417
- Resolves: RHEL-5567
[13.11-1]
- Update to 13.11
- Resolves: #2207935
- Tue Feb 28 2023 Filip Janus fjanus@redhat.com - 13.10-1
- Update to 13.10
- Resolves: #2114734
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
postgresql
13.16-1.0.1.el9_4
postgresql-contrib
13.16-1.0.1.el9_4
postgresql-docs
13.16-1.0.1.el9_4
postgresql-plperl
13.16-1.0.1.el9_4
postgresql-plpython3
13.16-1.0.1.el9_4
postgresql-pltcl
13.16-1.0.1.el9_4
postgresql-private-devel
13.16-1.0.1.el9_4
postgresql-private-libs
13.16-1.0.1.el9_4
postgresql-server
13.16-1.0.1.el9_4
postgresql-server-devel
13.16-1.0.1.el9_4
postgresql-static
13.16-1.0.1.el9_4
postgresql-test
13.16-1.0.1.el9_4
postgresql-upgrade
13.16-1.0.1.el9_4
postgresql-upgrade-devel
13.16-1.0.1.el9_4
Oracle Linux x86_64
postgresql
13.16-1.0.1.el9_4
postgresql-contrib
13.16-1.0.1.el9_4
postgresql-docs
13.16-1.0.1.el9_4
postgresql-plperl
13.16-1.0.1.el9_4
postgresql-plpython3
13.16-1.0.1.el9_4
postgresql-pltcl
13.16-1.0.1.el9_4
postgresql-private-devel
13.16-1.0.1.el9_4
postgresql-private-libs
13.16-1.0.1.el9_4
postgresql-server
13.16-1.0.1.el9_4
postgresql-server-devel
13.16-1.0.1.el9_4
postgresql-static
13.16-1.0.1.el9_4
postgresql-test
13.16-1.0.1.el9_4
postgresql-upgrade
13.16-1.0.1.el9_4
postgresql-upgrade-devel
13.16-1.0.1.el9_4
Связанные CVE
Связанные уязвимости
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in Postgr ...