Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2022:7128

Опубликовано: 25 окт. 2022
Источник: rocky
Оценка: Moderate

Описание

Moderate: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

  • postgresql: Extension scripts replace objects not belonging to the extension. (CVE-2022-2625)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
pgauditx86_645.module+el8.5.0+686+20453eccpgaudit-1.4.0-5.module+el8.5.0+686+20453ecc.x86_64.rpm
pg_repackx86_643.module+el8.5.0+684+c3892ef9pg_repack-1.4.6-3.module+el8.5.0+684+c3892ef9.x86_64.rpm
postgres-decoderbufsx86_642.module+el8.5.0+684+c3892ef9postgres-decoderbufs-0.10.0-2.module+el8.5.0+684+c3892ef9.x86_64.rpm
postgresqlx86_641.module+el8.6.0+1049+f8fc4c36postgresql-12.12-1.module+el8.6.0+1049+f8fc4c36.x86_64.rpm
postgresql-contribx86_641.module+el8.6.0+1049+f8fc4c36postgresql-contrib-12.12-1.module+el8.6.0+1049+f8fc4c36.x86_64.rpm
postgresql-docsx86_641.module+el8.6.0+1049+f8fc4c36postgresql-docs-12.12-1.module+el8.6.0+1049+f8fc4c36.x86_64.rpm
postgresql-plperlx86_641.module+el8.6.0+1049+f8fc4c36postgresql-plperl-12.12-1.module+el8.6.0+1049+f8fc4c36.x86_64.rpm
postgresql-plpython3x86_641.module+el8.6.0+1049+f8fc4c36postgresql-plpython3-12.12-1.module+el8.6.0+1049+f8fc4c36.x86_64.rpm
postgresql-pltclx86_641.module+el8.6.0+1049+f8fc4c36postgresql-pltcl-12.12-1.module+el8.6.0+1049+f8fc4c36.x86_64.rpm
postgresql-serverx86_641.module+el8.6.0+1049+f8fc4c36postgresql-server-12.12-1.module+el8.6.0+1049+f8fc4c36.x86_64.rpm

Показывать по

Связанные CVE

CVE-2022-2625

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2022-2625

CVSS3: 8
ubuntu
почти 3 года назад

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.

redhat логотип

CVE-2022-2625

CVSS3: 7.1
redhat
почти 3 года назад

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.

nvd логотип

CVE-2022-2625

CVSS3: 8
nvd
почти 3 года назад

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.

msrc логотип

CVE-2022-2625

CVSS3: 8
msrc
почти 3 года назад

Описание отсутствует

debian логотип

CVE-2022-2625

CVSS3: 8
debian
почти 3 года назад

A vulnerability was found in PostgreSQL. This attack requires permissi ...