ALSA-2024:10832

[ALSA-2024:10832] Important: postgresql:13 security update

Type:

security

Severity:

important

Release date:

2024-12-05

Description:

PostgreSQL is an advanced object-relational database management system (DBMS).  

Security Fix(es):  

  * postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (CVE-2024-10978)
  * postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code (CVE-2024-10979)
  * postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes (CVE-2024-10976)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	pg_repack-1.4.6-3.module_el8.6.0+2760+1746ec94.aarch64.rpm	0bc131332c26443ba517f370c75ff8455abd1e32f7762def0cb858065ae917ec
aarch64	postgresql-test-13.18-1.module_el8.10.0+3928+8233d274.aarch64.rpm	4489123c84fcb2bd07a59536f61b40e5fcdf9efb06fd6b241546d3db36dd203d
aarch64	pgaudit-1.5.0-1.module_el8.6.0+2760+1746ec94.aarch64.rpm	5693432a162b3d47be77299991ed7dd77bc206427ce8f7442f27f6342a7502f3
aarch64	postgresql-server-devel-13.18-1.module_el8.10.0+3928+8233d274.aarch64.rpm	5c76ac1db930aa630ded4f568efc77cc0ccd7f151d8d295e3cd2565b2b212e53
aarch64	postgresql-upgrade-devel-13.18-1.module_el8.10.0+3928+8233d274.aarch64.rpm	7a67c0356fb9787ae62aad6dd1add277db38e926966008431836f9b9289ed3bf
aarch64	postgresql-pltcl-13.18-1.module_el8.10.0+3928+8233d274.aarch64.rpm	7faef5c3e16fb7bc41948a6641343e5f7e625974e6c51f9fad2994ae3fd58b79
aarch64	postgresql-plpython3-13.18-1.module_el8.10.0+3928+8233d274.aarch64.rpm	81db9fbf6355ff5fb6487214caf339cf0787e04cda1b933b217767b16fe1e8fa
aarch64	postgresql-plperl-13.18-1.module_el8.10.0+3928+8233d274.aarch64.rpm	86b739efb00bfde94e935cbfdb3faa0073e69d482d094b280cd1b0000cad6c49
aarch64	postgresql-static-13.18-1.module_el8.10.0+3928+8233d274.aarch64.rpm	a569be57f8bef169a3949114aea22f18735d364b514d530f6d185a5ec5c00772
aarch64	postgresql-13.18-1.module_el8.10.0+3928+8233d274.aarch64.rpm	c5810d9d67a34758716ec5f235971c38645ee46b856563d114db4badb50ec50e
aarch64	postgresql-docs-13.18-1.module_el8.10.0+3928+8233d274.aarch64.rpm	cf484b2b797a720c094f50df4a38e263d1f9b3c402b352cf110c60c800ba1028
aarch64	postgresql-contrib-13.18-1.module_el8.10.0+3928+8233d274.aarch64.rpm	e576b15e4929857effbb3b4760a85afc1f391cbb00ffddb515b3aa6ddb9ae421
aarch64	postgres-decoderbufs-0.10.0-2.module_el8.9.0+3704+f1f917ce.aarch64.rpm	eaa32eea438e859ac3104060c211187f53da746e219021535b66046809df054d
aarch64	postgresql-upgrade-13.18-1.module_el8.10.0+3928+8233d274.aarch64.rpm	ec5b0ca5807365b099e1d223470b1cf1c8a16211a61b03dd7ba1bd869112eff2
aarch64	postgresql-server-13.18-1.module_el8.10.0+3928+8233d274.aarch64.rpm	ef227b5b071a3eed78af36d1546a82a2a6a2c2ed599818c12176c8301b012a72
noarch	postgresql-test-rpm-macros-13.18-1.module_el8.10.0+3928+8233d274.noarch.rpm	91aa4751acd4f6e801c04cd1c40c63d25acb29f14057277efc5cd7786022a911
ppc64le	postgres-decoderbufs-0.10.0-2.module_el8.6.0+2760+1746ec94.ppc64le.rpm	13cd44b926f28289bb0a5b01f74460112ef2a7b442da8131cb2586d4227ef755
ppc64le	postgresql-server-devel-13.18-1.module_el8.10.0+3928+8233d274.ppc64le.rpm	48db2445f175cf51390325f5cfb45c04656168033c4295782620b68dd3240f82
ppc64le	postgresql-plpython3-13.18-1.module_el8.10.0+3928+8233d274.ppc64le.rpm	49fb37b30e1df0f16549373b61773e428cb1e871c84a0fb3e19c80a8a73e7dbe
ppc64le	postgresql-server-13.18-1.module_el8.10.0+3928+8233d274.ppc64le.rpm	4c394c4603aa22d7f771fe1cd7dedeb8edc8e7a554d2a717f6bf00302d321269
ppc64le	postgresql-upgrade-13.18-1.module_el8.10.0+3928+8233d274.ppc64le.rpm	52327215f20bae1673c3a5097d57a5e2964e852a1193b7973bdc768581f45a88
ppc64le	postgresql-test-13.18-1.module_el8.10.0+3928+8233d274.ppc64le.rpm	53dc8fef4cc2bf1dc68732ca0995d2b40957df871247d9af4861dced1f14a926
ppc64le	pgaudit-1.5.0-1.module_el8.6.0+2760+1746ec94.ppc64le.rpm	69187c120a179f0153c3110e7c5dd4cd103e1c2bb0c9b4a0da8a16b85c3f3390
ppc64le	postgresql-pltcl-13.18-1.module_el8.10.0+3928+8233d274.ppc64le.rpm	75fa7ee9618addc442a0e7afce5599d48d8e0bf1b5cbca55a5cc532fb0c6b998
ppc64le	postgresql-plperl-13.18-1.module_el8.10.0+3928+8233d274.ppc64le.rpm	80e10958cd424585383c9885b1ef9a5082ec513a75c4d391043ee58c556e56f2
ppc64le	postgresql-static-13.18-1.module_el8.10.0+3928+8233d274.ppc64le.rpm	93068d2c3647a266c1eced0e2fa890ec51c1bd3973708174eb74ade3ca583c56
ppc64le	pg_repack-1.4.6-3.module_el8.6.0+2760+1746ec94.ppc64le.rpm	9a907ca1b9082a2da428045283c26d15f54bd5ed2179c1de36a53ae6b52c08bb
ppc64le	postgresql-upgrade-devel-13.18-1.module_el8.10.0+3928+8233d274.ppc64le.rpm	c64a04eb50a98ee9c88a8d9f444d3f40e8e289f915cd23dfc5958cc475bf7214
ppc64le	postgresql-docs-13.18-1.module_el8.10.0+3928+8233d274.ppc64le.rpm	da9e8d54a07bb64273af940612322a1d188a979bbae7ee2bf11036981a83e565
ppc64le	postgresql-contrib-13.18-1.module_el8.10.0+3928+8233d274.ppc64le.rpm	e677e4f77f11bf95e1176e407d42e1a7330d43d196b71de1010deef3d771ba43
ppc64le	postgresql-13.18-1.module_el8.10.0+3928+8233d274.ppc64le.rpm	fbecc9e7a30758c299ce7d95c1c47ddc58e7a2b738f411b93dbd92aa208e58a5
s390x	pg_repack-1.4.6-3.module_el8.9.0+3704+f1f917ce.s390x.rpm	14fdf29fe5dd7075aaf956b75aec2c5028f78ea8c06a19b461fa970284284047
s390x	postgresql-contrib-13.18-1.module_el8.10.0+3928+8233d274.s390x.rpm	2e88c759e674a5ef99e217f8d17644ceb256e8942bfac9fcbca98c3d85e0559a
s390x	postgresql-server-devel-13.18-1.module_el8.10.0+3928+8233d274.s390x.rpm	30ca9e163f515d9745d669ac8f710b3148bad6fa2794abff5233b225bf88c6b2
s390x	postgresql-server-13.18-1.module_el8.10.0+3928+8233d274.s390x.rpm	34b70dcd9253a40f0222143f4e386bcbcea9208078aaefe2b34b0fd44f8e0715
s390x	postgresql-13.18-1.module_el8.10.0+3928+8233d274.s390x.rpm	36865a8fa92b3912971baabe6b1a4bf39ab4be114b3c677cda9893e5c0e35eb2
s390x	postgresql-plpython3-13.18-1.module_el8.10.0+3928+8233d274.s390x.rpm	3f4c62ea6659d9226f644214f127667e4651d9f4d1bdfb98770f8e0af3dfb0fd
s390x	postgresql-upgrade-13.18-1.module_el8.10.0+3928+8233d274.s390x.rpm	43565329a086391f4dfae8a315cfba1844bbabc9d11ee0924bba418e05a864c7
s390x	postgresql-upgrade-devel-13.18-1.module_el8.10.0+3928+8233d274.s390x.rpm	44e181b6e8f5dd67078bcebf0e05970ba622198a29dd9ab92c78d8ae5f93a584
s390x	postgresql-docs-13.18-1.module_el8.10.0+3928+8233d274.s390x.rpm	5d623248cadb76b175aa3af0734fde6968746dc852b729bac190dca4314cfc6f
s390x	postgresql-pltcl-13.18-1.module_el8.10.0+3928+8233d274.s390x.rpm	6048243f216f51903c7289e84205691e7d614b6ef6a113539b46684fdf4b2e6e
s390x	postgresql-test-13.18-1.module_el8.10.0+3928+8233d274.s390x.rpm	671aa26f9379b5d34e1ce052c101f97d28966ba2e2da17a5bb2737ee9fd1860d
s390x	pgaudit-1.5.0-1.module_el8.6.0+3095+ee60d910.s390x.rpm	a29cba50326b3c78b1cff9ad076eff7837022e71f02d7ec9e918aed69a9c3f35
s390x	postgres-decoderbufs-0.10.0-2.module_el8.6.0+3095+ee60d910.s390x.rpm	b11226898b888f8213eefe941cece0f636a08ccce2ceaa8bee2a38e6058ed4f3
s390x	postgresql-static-13.18-1.module_el8.10.0+3928+8233d274.s390x.rpm	ba506a2465ac3d392ac2f6980fde0d27c05ce335314357beab83b85a33b41b19
s390x	postgresql-plperl-13.18-1.module_el8.10.0+3928+8233d274.s390x.rpm	d0b2be3f426ee8dae3eb169be7dd8ef1973c1b7c7f08911604d66e9646729eb1
x86_64	postgresql-server-13.18-1.module_el8.10.0+3928+8233d274.x86_64.rpm	08a9af91741e0842023a81b0eafc99f2eb89c7eda8a3db16ff8337467ceed41e
x86_64	postgresql-contrib-13.18-1.module_el8.10.0+3928+8233d274.x86_64.rpm	0d8f44569bac3b3525bbbf151fb07181fc79123c04d53eee6cfc9f9bc5615bde
x86_64	postgresql-plperl-13.18-1.module_el8.10.0+3928+8233d274.x86_64.rpm	22372073f4225afc937346dec09ac51ac0cc6a16db343498410434a4191518fb
x86_64	postgresql-static-13.18-1.module_el8.10.0+3928+8233d274.x86_64.rpm	260abeef774cf6315d42febac9bfc0db6c97d087ea2d6db9f5e738ce6c7789b5
x86_64	postgresql-plpython3-13.18-1.module_el8.10.0+3928+8233d274.x86_64.rpm	2aa6172603d01e6f0d128c50e8be03ba53d5a390c5d58f84a43ad4644513033b
x86_64	postgresql-13.18-1.module_el8.10.0+3928+8233d274.x86_64.rpm	377b9d4be5b49a2793c9a7434440daadcf55f9959a8439c4d39a2dea1a7b9d3a
x86_64	postgresql-test-13.18-1.module_el8.10.0+3928+8233d274.x86_64.rpm	5c60074b09d65673ff551e548a8ad3bde1c933bfb04efe4ada18ed635edaed92
x86_64	postgresql-server-devel-13.18-1.module_el8.10.0+3928+8233d274.x86_64.rpm	7043bcd402e2620b2902001df1c8643073ebcf7dfce2bd7a27ad6012c1ecf5cf
x86_64	postgres-decoderbufs-0.10.0-2.module_el8.6.0+2760+1746ec94.x86_64.rpm	77c2586f944e08d0a073c739b9eeeedc0d9ca7da51f43a0dcdc3a1c383a1b0fe
x86_64	pg_repack-1.4.6-3.module_el8.6.0+2760+1746ec94.x86_64.rpm	92f387cdf31b3872470fb3402126bc72e2e6f6b342192bc2333465e896810c0b
x86_64	postgresql-pltcl-13.18-1.module_el8.10.0+3928+8233d274.x86_64.rpm	a197b1cd7fd8576bb884008f48a97442bd501646a1d5d63ff5cebd9ed1adf31d
x86_64	postgresql-upgrade-13.18-1.module_el8.10.0+3928+8233d274.x86_64.rpm	b54ec44a1c1ca85a3d769d32a18d18b440796644e471ae352d738fe2b3c5f5ee
x86_64	pgaudit-1.5.0-1.module_el8.6.0+2760+1746ec94.x86_64.rpm	d75cd67116ed5f4af36fdbe2c39536a2de4594a800698c0b041f36122b61843e
x86_64	postgresql-docs-13.18-1.module_el8.10.0+3928+8233d274.x86_64.rpm	da61b10438e1ca55660e2c7b753399d3ab6c55467c35c868eee98e2b8bf0ba09
x86_64	postgresql-upgrade-devel-13.18-1.module_el8.10.0+3928+8233d274.x86_64.rpm	e7d1b81c0178ec43a89f4724353cc100918b7a1c53d351144c6568919b8a8779

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.