Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2023:1576

Опубликовано: 06 апр. 2023
Источник: rocky
Оценка: Moderate

Описание

Moderate: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

  • postgresql: Extension scripts replace objects not belonging to the extension. (CVE-2022-2625)

  • postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
pgauditx86_641.module+el8.5.0+684+c3892ef9pgaudit-1.5.0-1.module+el8.5.0+684+c3892ef9.x86_64.rpm
pg_repackx86_643.module+el8.5.0+684+c3892ef9pg_repack-1.4.6-3.module+el8.5.0+684+c3892ef9.x86_64.rpm
postgres-decoderbufsx86_642.module+el8.5.0+684+c3892ef9postgres-decoderbufs-0.10.0-2.module+el8.5.0+684+c3892ef9.x86_64.rpm
postgresqlx86_641.module+el8.7.0+1175+026203e7postgresql-13.10-1.module+el8.7.0+1175+026203e7.x86_64.rpm
postgresql-contribx86_641.module+el8.7.0+1175+026203e7postgresql-contrib-13.10-1.module+el8.7.0+1175+026203e7.x86_64.rpm
postgresql-docsx86_641.module+el8.7.0+1175+026203e7postgresql-docs-13.10-1.module+el8.7.0+1175+026203e7.x86_64.rpm
postgresql-plperlx86_641.module+el8.7.0+1175+026203e7postgresql-plperl-13.10-1.module+el8.7.0+1175+026203e7.x86_64.rpm
postgresql-plpython3x86_641.module+el8.7.0+1175+026203e7postgresql-plpython3-13.10-1.module+el8.7.0+1175+026203e7.x86_64.rpm
postgresql-pltclx86_641.module+el8.7.0+1175+026203e7postgresql-pltcl-13.10-1.module+el8.7.0+1175+026203e7.x86_64.rpm
postgresql-serverx86_641.module+el8.7.0+1175+026203e7postgresql-server-13.10-1.module+el8.7.0+1175+026203e7.x86_64.rpm

Показывать по

Связанные CVE

CVE-2022-2625
CVE-2022-41862

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2023-1693

oracle-oval
почти 3 года назад

ELSA-2023-1693: postgresql security update (MODERATE)

oracle-oval логотип

ELSA-2023-1576

oracle-oval
почти 3 года назад

ELSA-2023-1576: postgresql:13 security update (MODERATE)

ubuntu логотип

CVE-2022-41862

CVSS3: 3.7
ubuntu
почти 3 года назад

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.

redhat логотип

CVE-2022-41862

CVSS3: 3.7
redhat
почти 3 года назад

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.

nvd логотип

CVE-2022-41862

CVSS3: 3.7
nvd
почти 3 года назад

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.