ALSA-2024:5929

[ALSA-2024:5929] Important: postgresql:16 security update

Type:

security

Severity:

important

Release date:

2024-08-28

Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks (CVE-2024-4317)
* postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (CVE-2024-7348)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	postgresql-private-libs-16.4-1.module_el9.4.0+109+624ac33a.aarch64.rpm	08b92a15dec28fc92d2f50f8835b39adf1dc2c533aea5903b9838eb2c4a6f783
aarch64	postgresql-static-16.4-1.module_el9.4.0+109+624ac33a.aarch64.rpm	0ac85195428810a5cc40bfc3f3484aa49de06f769fc04a3fe34cfa814c04aa84
aarch64	pgaudit-16.0-1.module_el9.4.0+66+eb9878bc.aarch64.rpm	16376ea924b9a51d373ce99c4ba8e8a55a4ee83ba1a241b8459c1b635dbd1466
aarch64	postgres-decoderbufs-2.4.0-1.Final.module_el9.4.0+66+eb9878bc.aarch64.rpm	182885e56ea13dad4275de2dfe2b333c4846ef506fd1510d9d900ed71da43985
aarch64	postgresql-16.4-1.module_el9.4.0+109+624ac33a.aarch64.rpm	2e43ba2a8c0ecc7ce6bc1c796cb32400939224caf1bceaa545fd9774c4c2f8e5
aarch64	postgresql-upgrade-16.4-1.module_el9.4.0+109+624ac33a.aarch64.rpm	3ae9fee6763ee963773c73e9a7e7085e9d08ee7d65228a7c6234672753e865ad
aarch64	pg_repack-1.4.8-1.module_el9.4.0+66+eb9878bc.aarch64.rpm	6d379928678316871cc131a9deba95ecf2ff662b5e6e7a6dfe224504c2d4c6e6
aarch64	postgresql-contrib-16.4-1.module_el9.4.0+109+624ac33a.aarch64.rpm	89ba8415709e438eaa38636ae7a0d87cd658ef44b242ac42dab03bb738f59ddc
aarch64	postgresql-plpython3-16.4-1.module_el9.4.0+109+624ac33a.aarch64.rpm	8a47e2df56ae49e9d38ca932e409dff19741aca7e683a791f98ada05520a2727
aarch64	postgresql-server-16.4-1.module_el9.4.0+109+624ac33a.aarch64.rpm	8adfe5016e6e6dc02529d9d58a2c92b41bf57ac6b299c2193342e8e5b5915704
aarch64	postgresql-plperl-16.4-1.module_el9.4.0+109+624ac33a.aarch64.rpm	9c224194db8d5dc3e516e252e4a00cf9b4593de6632b62eebb140ee7f6a3d9cc
aarch64	postgresql-upgrade-devel-16.4-1.module_el9.4.0+109+624ac33a.aarch64.rpm	9c7ee33c83d8f858a6a9fb9521632499c9b6ddd5b9b53f62e4b1289120d90467
aarch64	postgresql-private-devel-16.4-1.module_el9.4.0+109+624ac33a.aarch64.rpm	9fc3a390d5badc5fd97aca256bc7f320c7e9597fd9bbbe548d0e389deddf80d0
aarch64	postgresql-server-devel-16.4-1.module_el9.4.0+109+624ac33a.aarch64.rpm	c16b8c33d11cc0204170560aeadae821f1a96afc1f4fb39c9d35ed334516764f
aarch64	postgresql-pltcl-16.4-1.module_el9.4.0+109+624ac33a.aarch64.rpm	d55f81e2cace9f3a3e968b6e253d7d3b2aa6caa553df93f8ea102856d7774390
aarch64	postgresql-test-16.4-1.module_el9.4.0+109+624ac33a.aarch64.rpm	d92d46b881b6fa2431d34451f1eca58a0af54d6b35550f24c06a19f419475ebe
aarch64	postgresql-docs-16.4-1.module_el9.4.0+109+624ac33a.aarch64.rpm	fc4f19f17762677e2b4f31ac7199751294f25ee6af92415f8e45d6d428a3a3eb
noarch	postgresql-test-rpm-macros-16.4-1.module_el9.4.0+109+624ac33a.noarch.rpm	9a63e985bd0be681d52f689ef51210d8174d13c50f2de4208d0a784cc74ab9d2
ppc64le	postgres-decoderbufs-2.4.0-1.Final.module_el9.4.0+66+eb9878bc.ppc64le.rpm	03ceefeb6c273a95c8ec179a387210f1a9c7808522d4871789925b81691e196f
ppc64le	postgresql-docs-16.4-1.module_el9.4.0+109+624ac33a.ppc64le.rpm	076e18d912d8e7b2319afc257bd3af1de32bc00b20f373ad84cf87118ea87b02
ppc64le	postgresql-contrib-16.4-1.module_el9.4.0+109+624ac33a.ppc64le.rpm	22ed6aadd47504cbb8d9b3bd2361f12ec071c2107ebaacf7e9d7233987cf8455
ppc64le	postgresql-server-devel-16.4-1.module_el9.4.0+109+624ac33a.ppc64le.rpm	2d3739ec6c556a4027fb073b1da9bf1d2709bdc5b9cd3ac3295bb8e2f3fefba3
ppc64le	postgresql-test-16.4-1.module_el9.4.0+109+624ac33a.ppc64le.rpm	509e0385e315bcdbfbd0d12c181baae2566ca2263661a887751d7749064affd4
ppc64le	postgresql-private-libs-16.4-1.module_el9.4.0+109+624ac33a.ppc64le.rpm	5354ffeadf1ff61fc384b4fa7687d0f02513eb617b78a1154734ecd9728d3eeb
ppc64le	postgresql-16.4-1.module_el9.4.0+109+624ac33a.ppc64le.rpm	62b22acf5f86d418e5563bca0183176370929e8237ab225d2ba197f0cf977cb4
ppc64le	postgresql-plperl-16.4-1.module_el9.4.0+109+624ac33a.ppc64le.rpm	6c85d08a6375ded2036b44d639bd445131417f8db9ac9f6d596fcd1175cafed7
ppc64le	pgaudit-16.0-1.module_el9.4.0+66+eb9878bc.ppc64le.rpm	8588205024e2617ab6cc93c3e6c3c1ea87350cd54ca5dcdd14e19f88d47d7b6b
ppc64le	postgresql-plpython3-16.4-1.module_el9.4.0+109+624ac33a.ppc64le.rpm	9c2ee268157b1d714523f0d586aacd12cadb44e9082daadc029ecf8cb4730bf6
ppc64le	postgresql-static-16.4-1.module_el9.4.0+109+624ac33a.ppc64le.rpm	a0e6c56b5543100f0644f980802ef1aed494ce469ce33b26a500df85047fd83a
ppc64le	postgresql-upgrade-16.4-1.module_el9.4.0+109+624ac33a.ppc64le.rpm	c9eeb5dd0379236e1f4e4a8df94cb88f667b9e3a3e436c388c579c62d0fcb669
ppc64le	postgresql-private-devel-16.4-1.module_el9.4.0+109+624ac33a.ppc64le.rpm	d3e4391dfd90d494c6c8bbd6056062a2e9961a1f465c15b02e782aec15ab8da0
ppc64le	pg_repack-1.4.8-1.module_el9.4.0+66+eb9878bc.ppc64le.rpm	d837282b12d6932dbe20ce1d51a7f3a6a217d7f0058dfd520bb79be67f6a72a2
ppc64le	postgresql-upgrade-devel-16.4-1.module_el9.4.0+109+624ac33a.ppc64le.rpm	ea3f2d09911edbd4f55eb40615c9b17fa2e0666ef97c66575a85008ae987b86d
ppc64le	postgresql-pltcl-16.4-1.module_el9.4.0+109+624ac33a.ppc64le.rpm	f368b4ddd3a1827f5ec54818da0f68cd7a17714082a5a94aac4310a9002724f1
ppc64le	postgresql-server-16.4-1.module_el9.4.0+109+624ac33a.ppc64le.rpm	f675d41478c8557ea0853e42284f7480559d27bec4a0cac57171f6663d18552c
s390x	postgresql-test-16.4-1.module_el9.4.0+109+624ac33a.s390x.rpm	0ccff393a269c5b2c537c8bd96c9e2db26822eb171dc9410908725b084054343
s390x	postgresql-contrib-16.4-1.module_el9.4.0+109+624ac33a.s390x.rpm	2eaede5222294b789713a13aff7077d05928a9f022a26dc03329c7ac7c5b82b3
s390x	postgresql-16.4-1.module_el9.4.0+109+624ac33a.s390x.rpm	3875bc4f4963d4309c245f807670e69e5bad2341eae84a50fcfa93145fb929b0
s390x	postgresql-private-libs-16.4-1.module_el9.4.0+109+624ac33a.s390x.rpm	41c40b84467c89891609a2de2317466127cd91728973e2a497630ef92e55f0ee
s390x	postgresql-pltcl-16.4-1.module_el9.4.0+109+624ac33a.s390x.rpm	4cb757ccd6c33c2be6dd49bd84b8ae9020a36ac591f316733e88e6ebc15f50de
s390x	postgresql-plpython3-16.4-1.module_el9.4.0+109+624ac33a.s390x.rpm	8efe37374243ceefb7620a1529bbf7aa75c4cb1b12d30c81959947983491fdd1
s390x	pg_repack-1.4.8-1.module_el9.4.0+66+eb9878bc.s390x.rpm	94efc54332bce0e7d22ea099915d7356397e7517cc3a90837d7e24725b87461e
s390x	postgresql-server-devel-16.4-1.module_el9.4.0+109+624ac33a.s390x.rpm	9d00cedfbbd81f503571367b61e1161669a8fc19ee7e41af9fd65aa5c02c0661
s390x	postgresql-server-16.4-1.module_el9.4.0+109+624ac33a.s390x.rpm	a03cd07e1e57406db0613cf2096b55e1c92cbb1f5f0d1e8ffc20bc40e2357617
s390x	postgresql-static-16.4-1.module_el9.4.0+109+624ac33a.s390x.rpm	b00c079bffb2f8ef502a5e7d8d5f0884c5d3ac768815ccff50c244f2ac608172
s390x	postgresql-private-devel-16.4-1.module_el9.4.0+109+624ac33a.s390x.rpm	b5c42c8366f74c32bf969492c310465f127297313f352342740afdafd1295c0e
s390x	postgres-decoderbufs-2.4.0-1.Final.module_el9.4.0+66+eb9878bc.s390x.rpm	b8b86855167ad691eae0fb64fade5d312ea4017529a0b1b15f26b2676799555c
s390x	postgresql-docs-16.4-1.module_el9.4.0+109+624ac33a.s390x.rpm	bd37ba266bdd2e97e7d0ce98d6e5e58b8d698ff843b9638a3d06b433efc01bab
s390x	postgresql-plperl-16.4-1.module_el9.4.0+109+624ac33a.s390x.rpm	bf343cd28274be8a57dfca6c3cf636e52a183df85660bcd2c8dc3d5e7d2411f4
s390x	postgresql-upgrade-devel-16.4-1.module_el9.4.0+109+624ac33a.s390x.rpm	c332750f7cc9f55e170fed972aa550a2eb91048d3e0b195443df46066d7d1ffb
s390x	postgresql-upgrade-16.4-1.module_el9.4.0+109+624ac33a.s390x.rpm	da1abb4dfcea961c8a4fd263cf96322a15d08b999b37f76c7b80e0b51117e8b6
s390x	pgaudit-16.0-1.module_el9.4.0+66+eb9878bc.s390x.rpm	dbe62c1869957547d55c68a69aec82df664b3d0cc0ef2b9fc75ca1ac5ab6a739
x86_64	postgresql-server-devel-16.4-1.module_el9.4.0+109+624ac33a.x86_64.rpm	0360ec1d3004625828f1da90e5422bcc5d5d89990eb054e3148c177373a77c3b
x86_64	postgresql-upgrade-devel-16.4-1.module_el9.4.0+109+624ac33a.x86_64.rpm	061619662b9c074141fbd328ce7a7670582adf418833e736674548d722548890
x86_64	postgresql-server-16.4-1.module_el9.4.0+109+624ac33a.x86_64.rpm	20fe396a3e76d31a4954ac5c7db511e10cb77e58585fcfa90ecfd9277d72ca60
x86_64	postgresql-test-16.4-1.module_el9.4.0+109+624ac33a.x86_64.rpm	24194d4170946ef2f94514959b9f47171b7c844c8ef0452dca7f379bc6d5a1a3
x86_64	postgres-decoderbufs-2.4.0-1.Final.module_el9.4.0+66+eb9878bc.x86_64.rpm	342da2164f0a3e2c2dffe52a64e59d545e1508f3e2ccd4c73699a228f249e3c1
x86_64	pgaudit-16.0-1.module_el9.4.0+66+eb9878bc.x86_64.rpm	444b13be987bef254b1b10bd96c8d8f8da88547b24b2b5bb51663769436e0442
x86_64	postgresql-plpython3-16.4-1.module_el9.4.0+109+624ac33a.x86_64.rpm	59b4d1fce93bce467e710ec2e618587d93ab093d8bc6bd7e842e8f4114abc2b0
x86_64	postgresql-16.4-1.module_el9.4.0+109+624ac33a.x86_64.rpm	5afa8c710e69bb8f84299081b2576e25451a9b0cbb91642f506b2d36b819df41
x86_64	postgresql-static-16.4-1.module_el9.4.0+109+624ac33a.x86_64.rpm	712f4e3506f27e649e3868ed52306a2793d85f8fd378697ffa019e5b15ba79d7
x86_64	postgresql-private-libs-16.4-1.module_el9.4.0+109+624ac33a.x86_64.rpm	91a48010cae17b6fe6b62fe1e3a367e3ad82d9d174b3b4a129dbee8c36801b90
x86_64	postgresql-plperl-16.4-1.module_el9.4.0+109+624ac33a.x86_64.rpm	9bc2a4a1c1525f0517575eabb1ef4ed0247fc0f1605d8dea97dbbd91f3e128b2
x86_64	postgresql-pltcl-16.4-1.module_el9.4.0+109+624ac33a.x86_64.rpm	af68299c1ff34e113c00e7d8b1a60552b88b4db0f63325631772f4fed0a15658
x86_64	postgresql-upgrade-16.4-1.module_el9.4.0+109+624ac33a.x86_64.rpm	c2dea3ff90410df99d5ddadcde721da15e87e9bfd1793cf90a2c53e397fdc5e1
x86_64	postgresql-docs-16.4-1.module_el9.4.0+109+624ac33a.x86_64.rpm	d25e584756462fa73f7d447bda35bdae8dc7521a1695bc87b8dba18191101659
x86_64	postgresql-contrib-16.4-1.module_el9.4.0+109+624ac33a.x86_64.rpm	da7b397ade0e87e28193def1049c101ba5785dbcbaca00269568f74366f7d5bf
x86_64	postgresql-private-devel-16.4-1.module_el9.4.0+109+624ac33a.x86_64.rpm	dcf307603bd280172a7d509862f5897a0772290c9122f8bdcc4c7cc3f861281a
x86_64	pg_repack-1.4.8-1.module_el9.4.0+66+eb9878bc.x86_64.rpm	eb104a5d66c1a605e23024a9b47df606d1581031f36cae8f67ab01380eab68c6

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.