Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2022:4771

Опубликовано: 30 мая 2022
Источник: rocky
Оценка: Important

Описание

Important: postgresql security update

PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (13.7).

Security Fix(es):

  • postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox (CVE-2022-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
postgresqlx86_641.el9_0postgresql-13.7-1.el9_0.x86_64.rpm
postgresql-contribx86_641.el9_0postgresql-contrib-13.7-1.el9_0.x86_64.rpm
postgresql-plperlx86_641.el9_0postgresql-plperl-13.7-1.el9_0.x86_64.rpm
postgresql-plpython3x86_641.el9_0postgresql-plpython3-13.7-1.el9_0.x86_64.rpm
postgresql-pltclx86_641.el9_0postgresql-pltcl-13.7-1.el9_0.x86_64.rpm
postgresql-private-libsx86_641.el9_0postgresql-private-libs-13.7-1.el9_0.x86_64.rpm
postgresql-serverx86_641.el9_0postgresql-server-13.7-1.el9_0.x86_64.rpm
postgresql-upgradex86_641.el9_0postgresql-upgrade-13.7-1.el9_0.x86_64.rpm

Показывать по

Связанные CVE

CVE-2022-1552

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2022-1552

CVSS3: 8.8
ubuntu
почти 3 года назад

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.

redhat логотип

CVE-2022-1552

CVSS3: 8.8
redhat
около 3 лет назад

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.

nvd логотип

CVE-2022-1552

CVSS3: 8.8
nvd
почти 3 года назад

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.

msrc логотип

CVE-2022-1552

CVSS3: 8.8
msrc
почти 3 года назад

Описание отсутствует

debian логотип

CVE-2022-1552

CVSS3: 8.8
debian
почти 3 года назад

A flaw was found in PostgreSQL. There is an issue with incomplete effo ...