ALSA-2024:10830

[ALSA-2024:10830] Important: postgresql:15 security update

Type:

security

Severity:

important

Release date:

2024-12-10

Description:

PostgreSQL is an advanced object-relational database management system (DBMS).  

Security Fix(es):  

  * postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (CVE-2024-10978)
  * postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code (CVE-2024-10979)
  * postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes (CVE-2024-10976)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	pg_repack-1.4.8-1.module_el8.9.0+3706+885c732e.aarch64.rpm	0d00727f0324d8f17e570ecd7c60540054ee7db14e75c7096d70e50c29182e3a
aarch64	postgresql-plpython3-15.10-1.module_el8.10.0+3929+38258aa5.aarch64.rpm	2295d5e53184e1fd1092e6db2eb2f9228cc0a5c3cc98a87596cb42bbc7a48274
aarch64	postgresql-server-devel-15.10-1.module_el8.10.0+3929+38258aa5.aarch64.rpm	2575bb2b6b8088eac55780067594a925509a68cb37271014729431ed5d9b8eea
aarch64	postgres-decoderbufs-1.9.7-1.Final.module_el8.9.0+3706+885c732e.aarch64.rpm	2883c59bbad57293c2c9c8afeed6c3284983667c90aca5c224fe1b7e159f4539
aarch64	postgresql-plperl-15.10-1.module_el8.10.0+3929+38258aa5.aarch64.rpm	2a64b5948e2382a883433392f985af0e496d7976daca53cbb6d5920e9d2818ec
aarch64	pgaudit-1.7.0-1.module_el8.9.0+3706+885c732e.aarch64.rpm	2fde2ee0f51f343ae3a6c7454b7c4c83b49112072dcf17c2adb44824f0fb3a66
aarch64	postgresql-private-libs-15.10-1.module_el8.10.0+3929+38258aa5.aarch64.rpm	32a88c1b536480ed8e418ad99d276cf99b87fe9a607b28628c94a00ab127e9df
aarch64	postgresql-contrib-15.10-1.module_el8.10.0+3929+38258aa5.aarch64.rpm	40e866d0a867efffbd02d2be558db759fd4306ec160e04cca19a39f195f504e1
aarch64	postgresql-upgrade-devel-15.10-1.module_el8.10.0+3929+38258aa5.aarch64.rpm	459783471320190e1fa7e573920a25d3c6169eaa6cdb9115a2153e53ada0d791
aarch64	postgresql-upgrade-15.10-1.module_el8.10.0+3929+38258aa5.aarch64.rpm	6a746c360dc3ae523be48b71f7dba1cf328e263ee7205741b01f5c98064697b2
aarch64	postgresql-docs-15.10-1.module_el8.10.0+3929+38258aa5.aarch64.rpm	6c821225408a96abf1ef839191e77f919a12bdb723d95bbb5171f7e2c3d31391
aarch64	postgresql-test-15.10-1.module_el8.10.0+3929+38258aa5.aarch64.rpm	a42217ccffe6871334f9720eee0bc1798d94f90ea9ee854e14ff9e42933d647a
aarch64	postgresql-private-devel-15.10-1.module_el8.10.0+3929+38258aa5.aarch64.rpm	ad44a3d1505551d9734a26e45b21949a533516305daffa349b1cd160b1c92849
aarch64	postgresql-server-15.10-1.module_el8.10.0+3929+38258aa5.aarch64.rpm	d41bd07776763c322626190254622c96b1b2cedcfd4929cb949788fd1bdc7039
aarch64	postgresql-15.10-1.module_el8.10.0+3929+38258aa5.aarch64.rpm	d6e7dce01cc8717326a23d0f2f771470d377ab7e14d2667b06a4189f08b0ff69
aarch64	postgresql-pltcl-15.10-1.module_el8.10.0+3929+38258aa5.aarch64.rpm	f2e19500f7f433ac392fbd99654de89415cd71f05ff7fc48208465ffe02a25bc
aarch64	postgresql-static-15.10-1.module_el8.10.0+3929+38258aa5.aarch64.rpm	f4714b8e54490fc19ce95861a6630021ba763a92ac47e883f4e6dfbf4a04aaaf
noarch	postgresql-test-rpm-macros-15.10-1.module_el8.10.0+3929+38258aa5.noarch.rpm	509db30b29eed5420d8232eb40344b00adf960fb49b9732bf679f4c59304d1eb
ppc64le	postgresql-private-devel-15.10-1.module_el8.10.0+3929+38258aa5.ppc64le.rpm	098538b5d164e9f4e23019028776db5b984675f8b1ce9660f4f299b082ceab44
ppc64le	postgresql-static-15.10-1.module_el8.10.0+3929+38258aa5.ppc64le.rpm	0a18507c79444d8ac1bfcd45220e1929e36226afb5d8976f4a0a0f441e898b24
ppc64le	pgaudit-1.7.0-1.module_el8.9.0+3706+885c732e.ppc64le.rpm	0d310f491164ed0964f87af87b0986a6332dba9d9e35cd0b4afdc84be5d2cbd0
ppc64le	postgresql-15.10-1.module_el8.10.0+3929+38258aa5.ppc64le.rpm	10e4422abd8909f68c0e213cdae24591a76ce4c5989c89b6de1acb5484cb6703
ppc64le	postgresql-test-15.10-1.module_el8.10.0+3929+38258aa5.ppc64le.rpm	23e846c265f259a1ca2b1ae1062e31aac883e0972778adbe248ef22c8e800972
ppc64le	postgres-decoderbufs-1.9.7-1.Final.module_el8.9.0+3706+885c732e.ppc64le.rpm	405a9312f1e964d4dcc0fce38d137c9eafdff384c6fd48e46eea97c7dee74c40
ppc64le	postgresql-pltcl-15.10-1.module_el8.10.0+3929+38258aa5.ppc64le.rpm	440998bc22de987db031abd91ef0ea414cd96b09e38b0392b2d3ac8c3707d78d
ppc64le	postgresql-upgrade-15.10-1.module_el8.10.0+3929+38258aa5.ppc64le.rpm	4d45253223d20864ca93062ad039e3fc37bcd1a3a4d430cc7607cd24c951dc5f
ppc64le	postgresql-server-15.10-1.module_el8.10.0+3929+38258aa5.ppc64le.rpm	5ed07fdb4c1f093e9d26d310fb7bc727de9845dd1ec57183827ac2ec5382a7b5
ppc64le	postgresql-plpython3-15.10-1.module_el8.10.0+3929+38258aa5.ppc64le.rpm	69bf71993713aab7f52358f88108a61c93fc35d810f260455fdfe3a7d8834aea
ppc64le	postgresql-private-libs-15.10-1.module_el8.10.0+3929+38258aa5.ppc64le.rpm	8881d0cabd7f67957315477353b5c865f1f0e920bddae50db13f7da262588a41
ppc64le	pg_repack-1.4.8-1.module_el8.9.0+3706+885c732e.ppc64le.rpm	96f58e742bb6823cd6dbb895a7bbb7522964440c80ca4a2bd4da32753e4f1e42
ppc64le	postgresql-plperl-15.10-1.module_el8.10.0+3929+38258aa5.ppc64le.rpm	a08ccf7f032394c95e3d248a73c9c94bf37cf77265ae216c56334494765cfa05
ppc64le	postgresql-contrib-15.10-1.module_el8.10.0+3929+38258aa5.ppc64le.rpm	e327a34da511787f9f7cee11975e6683d3529f8c1c1f617da0b11b4e755aecb3
ppc64le	postgresql-server-devel-15.10-1.module_el8.10.0+3929+38258aa5.ppc64le.rpm	ebee2e612a0c521b7985a18f25951a551e7e716c236b123a85be17ac53dbcfd0
ppc64le	postgresql-upgrade-devel-15.10-1.module_el8.10.0+3929+38258aa5.ppc64le.rpm	f082d847bf243a2289deafbc0dfd6c614f6a9aff1e1ca8539bba1b1650d2fe5b
ppc64le	postgresql-docs-15.10-1.module_el8.10.0+3929+38258aa5.ppc64le.rpm	fd6efe2d3c2e4c20c63bbf997af0e05d62c023f2253e942082a553b6e1cddcfa
s390x	postgresql-15.10-1.module_el8.10.0+3929+38258aa5.s390x.rpm	091d08f73aa7dc2da60cf763593dc8ef39c5beb5adf66643fbe2a78a0920f5a5
s390x	postgresql-private-libs-15.10-1.module_el8.10.0+3929+38258aa5.s390x.rpm	0b581641ccf59d44bf7164f5a0a7fd3be7331f053e8c72777236f754056aaf89
s390x	postgresql-static-15.10-1.module_el8.10.0+3929+38258aa5.s390x.rpm	2713715f2015447c9d26b7b34a4093df2775e3b4bfd4aac45510a6e776410196
s390x	postgresql-server-devel-15.10-1.module_el8.10.0+3929+38258aa5.s390x.rpm	43f5f579f39eaac9369d38b1839aa78ac5eae7be8650605a29c0748007193ff8
s390x	postgresql-test-15.10-1.module_el8.10.0+3929+38258aa5.s390x.rpm	4e394c33ef53290833cb667fff582e643aa80107f334a27346e17c0121753a5f
s390x	postgresql-docs-15.10-1.module_el8.10.0+3929+38258aa5.s390x.rpm	6d170f8d93655e80d2432b72c9fad0285d53a85dd13d402c570512e44359d2a2
s390x	pg_repack-1.4.8-1.module_el8.9.0+3706+885c732e.s390x.rpm	7fbd57e759f737f8bc3c7bc2715300640b00ae84ed9b74d469be03ee537d20b9
s390x	postgresql-contrib-15.10-1.module_el8.10.0+3929+38258aa5.s390x.rpm	87ff8d9160f3d1cf70c9ef862064d04851e696e58b10ebb55178ffdbf90d063d
s390x	postgresql-upgrade-devel-15.10-1.module_el8.10.0+3929+38258aa5.s390x.rpm	8ba780ad8f35215f3604d0500318ae1347694a99d70c74ad1b056f7bb979ce29
s390x	postgresql-pltcl-15.10-1.module_el8.10.0+3929+38258aa5.s390x.rpm	8f98fb918d72683ad0da0853c3b762597f35d61155970159df559fba216786e0
s390x	postgresql-plperl-15.10-1.module_el8.10.0+3929+38258aa5.s390x.rpm	b1625bed5647335f6857c9648811f55f9d8a0cfaad5eb05408bfd9dfd0b5634b
s390x	postgresql-server-15.10-1.module_el8.10.0+3929+38258aa5.s390x.rpm	b7e9eb44f8806d3eeabd5cf4514d0a953755121ba23e752f480cdc6dd58e607c
s390x	pgaudit-1.7.0-1.module_el8.9.0+3706+885c732e.s390x.rpm	bebebc0b85b4d88d466cf43a44e5ae321c851b621377e2c96e1564cf00fd07bd
s390x	postgresql-upgrade-15.10-1.module_el8.10.0+3929+38258aa5.s390x.rpm	c01117d0288ef0904fc53cc4dad8b20f58c1b6eb287ff6e2094933fecd17a661
s390x	postgresql-plpython3-15.10-1.module_el8.10.0+3929+38258aa5.s390x.rpm	c25152df1a550e9958fd5d1b33391337f4530a7ef999cf0583b8a09fbbe8fc07
s390x	postgres-decoderbufs-1.9.7-1.Final.module_el8.9.0+3706+885c732e.s390x.rpm	d93f26982b8a0299bb5535e5aed623996c696a2eb2f9157554b4dae3f5cce2ef
s390x	postgresql-private-devel-15.10-1.module_el8.10.0+3929+38258aa5.s390x.rpm	f25a2e96270d610e192950fc008024d737ade41f97583dc45b5b6898a28852c3
x86_64	postgresql-upgrade-15.10-1.module_el8.10.0+3929+38258aa5.x86_64.rpm	0d93c69107e367e79244f98f82326a4b0f6b1e36cdf77827d7ae618ce36df956
x86_64	postgresql-private-libs-15.10-1.module_el8.10.0+3929+38258aa5.x86_64.rpm	20b5bfde34ab7085268cec0c90e6d68d2cacae9b5c9b40032c2cfc7543451e0c
x86_64	postgresql-server-15.10-1.module_el8.10.0+3929+38258aa5.x86_64.rpm	2dd7cbace18a5854df040c66ec2609b7bb2e2a271c5d77602419dcef85f88c0f
x86_64	postgresql-contrib-15.10-1.module_el8.10.0+3929+38258aa5.x86_64.rpm	464e0829c7d45e98918dac116d98d598912d55e77887ef9504739b586d3723ac
x86_64	postgresql-server-devel-15.10-1.module_el8.10.0+3929+38258aa5.x86_64.rpm	477ee95979cdae424441f3325148fdcafeffa5db7c7825ec02fc847f29d6f101
x86_64	pgaudit-1.7.0-1.module_el8.9.0+3706+885c732e.x86_64.rpm	4d697ebcb886ad755585c50ed8b035b100f519dd64f7f69671a8bfb86051430c
x86_64	pg_repack-1.4.8-1.module_el8.10.0+3798+606ebb9f.x86_64.rpm	620c66847a80e4d11cd9735ea22dc02a4a2d9bc3cef1dbbe3165afd1ac2c9947
x86_64	postgresql-upgrade-devel-15.10-1.module_el8.10.0+3929+38258aa5.x86_64.rpm	6601745ee68d84a3cb51d57557c74603897d05402b49b4345e7eb1cc271c20d2
x86_64	postgresql-plperl-15.10-1.module_el8.10.0+3929+38258aa5.x86_64.rpm	89d4f4b1c3e5be2fb27e9bee8dc29a65c5218c4dc6cbcdfa5af6a1b177a271b3
x86_64	postgresql-static-15.10-1.module_el8.10.0+3929+38258aa5.x86_64.rpm	a86f0c9e8268ec33f4ac13c3f766224b79aa285f5dc89c083a063185bbb84707
x86_64	postgresql-test-15.10-1.module_el8.10.0+3929+38258aa5.x86_64.rpm	b22183aa43d0c80373763e4f8ab788fbcf55e265cd48c1e7c173e7a7e60b6ca8
x86_64	postgres-decoderbufs-1.9.7-1.Final.module_el8.9.0+3706+885c732e.x86_64.rpm	b3aab0fa367edd2a996d12281b9c44277839836853605b7fcf3fe9282015786b
x86_64	postgresql-15.10-1.module_el8.10.0+3929+38258aa5.x86_64.rpm	c78f7137c1fe4f5736183a16d93a87e50018b846ae2973543f1200fff50f94f7
x86_64	postgresql-private-devel-15.10-1.module_el8.10.0+3929+38258aa5.x86_64.rpm	cba512fba4ab2eabe17feeaf18214020f4a085f5ff1734aa04ba25a032c1469b
x86_64	postgresql-docs-15.10-1.module_el8.10.0+3929+38258aa5.x86_64.rpm	d0926fe48e323480a30c5b85b831918830eb8f223a2273045fb67e0ee4030b22
x86_64	postgresql-pltcl-15.10-1.module_el8.10.0+3929+38258aa5.x86_64.rpm	f1b5546c0fca1c377ac0ba30651bd3b1b9ad0dedb66e90c785ad26c9d77e5c62
x86_64	postgresql-plpython3-15.10-1.module_el8.10.0+3929+38258aa5.x86_64.rpm	f1bf4731f5fb60d312cb0168683cd19e65c9a6954ab9fb74d691ed1487561fad

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.