Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2022:4805

Опубликовано: 30 мая 2022
Источник: rocky
Оценка: Important

Описание

Important: postgresql:10 security update

PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (10.21).

Security Fix(es):

  • postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox (CVE-2022-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
postgresqlx86_642.module+el8.6.0+977+ab6e685cpostgresql-10.21-2.module+el8.6.0+977+ab6e685c.x86_64.rpm
postgresql-contribx86_642.module+el8.6.0+977+ab6e685cpostgresql-contrib-10.21-2.module+el8.6.0+977+ab6e685c.x86_64.rpm
postgresql-docsx86_642.module+el8.6.0+977+ab6e685cpostgresql-docs-10.21-2.module+el8.6.0+977+ab6e685c.x86_64.rpm
postgresql-plperlx86_642.module+el8.6.0+977+ab6e685cpostgresql-plperl-10.21-2.module+el8.6.0+977+ab6e685c.x86_64.rpm
postgresql-plpython3x86_642.module+el8.6.0+977+ab6e685cpostgresql-plpython3-10.21-2.module+el8.6.0+977+ab6e685c.x86_64.rpm
postgresql-pltclx86_642.module+el8.6.0+977+ab6e685cpostgresql-pltcl-10.21-2.module+el8.6.0+977+ab6e685c.x86_64.rpm
postgresql-serverx86_642.module+el8.6.0+977+ab6e685cpostgresql-server-10.21-2.module+el8.6.0+977+ab6e685c.x86_64.rpm
postgresql-server-develx86_642.module+el8.6.0+977+ab6e685cpostgresql-server-devel-10.21-2.module+el8.6.0+977+ab6e685c.x86_64.rpm
postgresql-staticx86_642.module+el8.6.0+977+ab6e685cpostgresql-static-10.21-2.module+el8.6.0+977+ab6e685c.x86_64.rpm
postgresql-testx86_642.module+el8.6.0+977+ab6e685cpostgresql-test-10.21-2.module+el8.6.0+977+ab6e685c.x86_64.rpm

Показывать по

Связанные CVE

CVE-2022-1552

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2022-1552

CVSS3: 8.8
ubuntu
почти 3 года назад

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.

redhat логотип

CVE-2022-1552

CVSS3: 8.8
redhat
около 3 лет назад

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.

nvd логотип

CVE-2022-1552

CVSS3: 8.8
nvd
почти 3 года назад

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.

msrc логотип

CVE-2022-1552

CVSS3: 8.8
msrc
почти 3 года назад

Описание отсутствует

debian логотип

CVE-2022-1552

CVSS3: 8.8
debian
почти 3 года назад

A flaw was found in PostgreSQL. There is an issue with incomplete effo ...