RLSA-2024:10832

Security

Mirrored from RHSA-2024:10832

Issued at: 2024-12-19

Updated at: 2024-12-19

Synopsis

Important: postgresql:13 security update

Description

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (CVE-2024-10978)

* postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code (CVE-2024-10979)

* postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes (CVE-2024-10976)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 8 aarch64

Rocky Linux 8 x86_64

Fixes

2326251

2326253

2326263

CVEs

CVE-2024-10976

CVE-2024-10978

CVE-2024-10979

Affected packages

Rocky Linux 8 aarch64 - AppStream

pgaudit-0:1.5.0-1.module+el8.9.0+1594+4a6adae9.aarch64.rpm

pgaudit-0:1.5.0-1.module+el8.9.0+1594+4a6adae9.src.rpm

pgaudit-debuginfo-0:1.5.0-1.module+el8.9.0+1594+4a6adae9.aarch64.rpm

pgaudit-debugsource-0:1.5.0-1.module+el8.9.0+1594+4a6adae9.aarch64.rpm

pg_repack-0:1.4.6-3.module+el8.10.0+1862+29bef648.aarch64.rpm

pg_repack-0:1.4.6-3.module+el8.10.0+1862+29bef648.src.rpm

pg_repack-debuginfo-0:1.4.6-3.module+el8.10.0+1862+29bef648.aarch64.rpm

pg_repack-debugsource-0:1.4.6-3.module+el8.10.0+1862+29bef648.aarch64.rpm

postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+1862+29bef648.aarch64.rpm

postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+1862+29bef648.src.rpm

postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.10.0+1862+29bef648.aarch64.rpm

postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.10.0+1862+29bef648.aarch64.rpm

postgresql-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-0:13.18-1.module+el8.10.0+1898+8409d9ae.src.rpm

postgresql-contrib-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-contrib-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-debugsource-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-docs-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-docs-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-plperl-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-plperl-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-plpython3-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-plpython3-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-pltcl-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-pltcl-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-server-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-server-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-server-devel-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-server-devel-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-static-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-test-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-test-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-test-rpm-macros-0:13.18-1.module+el8.10.0+1898+8409d9ae.noarch.rpm

postgresql-upgrade-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-upgrade-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-upgrade-devel-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

postgresql-upgrade-devel-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.aarch64.rpm

Rocky Linux 8 x86_64 - AppStream

pgaudit-0:1.5.0-1.module+el8.9.0+1594+4a6adae9.src.rpm

pgaudit-0:1.5.0-1.module+el8.9.0+1594+4a6adae9.x86_64.rpm

pgaudit-debuginfo-0:1.5.0-1.module+el8.9.0+1594+4a6adae9.x86_64.rpm

pgaudit-debugsource-0:1.5.0-1.module+el8.9.0+1594+4a6adae9.x86_64.rpm

pg_repack-0:1.4.6-3.module+el8.10.0+1862+29bef648.src.rpm

pg_repack-0:1.4.6-3.module+el8.10.0+1862+29bef648.x86_64.rpm

pg_repack-debuginfo-0:1.4.6-3.module+el8.10.0+1862+29bef648.x86_64.rpm

pg_repack-debugsource-0:1.4.6-3.module+el8.10.0+1862+29bef648.x86_64.rpm

postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+1862+29bef648.src.rpm

postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+1862+29bef648.x86_64.rpm

postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.10.0+1862+29bef648.x86_64.rpm

postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.10.0+1862+29bef648.x86_64.rpm

postgresql-0:13.18-1.module+el8.10.0+1898+8409d9ae.src.rpm

postgresql-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-contrib-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-contrib-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-debugsource-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-docs-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-docs-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-plperl-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-plperl-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-plpython3-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-plpython3-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-pltcl-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-pltcl-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-server-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-server-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-server-devel-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-server-devel-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-static-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-test-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-test-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-test-rpm-macros-0:13.18-1.module+el8.10.0+1898+8409d9ae.noarch.rpm

postgresql-upgrade-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-upgrade-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-upgrade-devel-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm

postgresql-upgrade-devel-debuginfo-0:13.18-1.module+el8.10.0+1898+8409d9ae.x86_64.rpm