Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2022:4855

Опубликовано: 01 июн. 2022
Источник: rocky
Оценка: Important

Описание

Important: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (13.7).

Security Fix(es):

  • postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox (CVE-2022-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
pgauditx86_641.module+el8.5.0+684+c3892ef9pgaudit-1.5.0-1.module+el8.5.0+684+c3892ef9.x86_64.rpm
pg_repackx86_643.module+el8.5.0+684+c3892ef9pg_repack-1.4.6-3.module+el8.5.0+684+c3892ef9.x86_64.rpm
postgres-decoderbufsx86_642.module+el8.5.0+684+c3892ef9postgres-decoderbufs-0.10.0-2.module+el8.5.0+684+c3892ef9.x86_64.rpm
postgresqlx86_642.module+el8.6.0+980+9caa008apostgresql-13.7-2.module+el8.6.0+980+9caa008a.x86_64.rpm
postgresql-contribx86_642.module+el8.6.0+980+9caa008apostgresql-contrib-13.7-2.module+el8.6.0+980+9caa008a.x86_64.rpm
postgresql-docsx86_642.module+el8.6.0+980+9caa008apostgresql-docs-13.7-2.module+el8.6.0+980+9caa008a.x86_64.rpm
postgresql-plperlx86_642.module+el8.6.0+980+9caa008apostgresql-plperl-13.7-2.module+el8.6.0+980+9caa008a.x86_64.rpm
postgresql-plpython3x86_642.module+el8.6.0+980+9caa008apostgresql-plpython3-13.7-2.module+el8.6.0+980+9caa008a.x86_64.rpm
postgresql-pltclx86_642.module+el8.6.0+980+9caa008apostgresql-pltcl-13.7-2.module+el8.6.0+980+9caa008a.x86_64.rpm
postgresql-serverx86_642.module+el8.6.0+980+9caa008apostgresql-server-13.7-2.module+el8.6.0+980+9caa008a.x86_64.rpm

Показывать по

Связанные CVE

CVE-2022-1552

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2022-1552

CVSS3: 8.8
ubuntu
почти 3 года назад

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.

redhat логотип

CVE-2022-1552

CVSS3: 8.8
redhat
около 3 лет назад

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.

nvd логотип

CVE-2022-1552

CVSS3: 8.8
nvd
почти 3 года назад

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.

msrc логотип

CVE-2022-1552

CVSS3: 8.8
msrc
почти 3 года назад

Описание отсутствует

debian логотип

CVE-2022-1552

CVSS3: 8.8
debian
почти 3 года назад

A flaw was found in PostgreSQL. There is an issue with incomplete effo ...