Red Hat Security Advisory 2022-7128-01

Red Hat Security Advisory 2022-7128-01: Posted Oct 26, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-7128-01 - PostgreSQL is an advanced object-relational database management system.; tags | advisory; systems | linux, redhat; advisories | CVE-2022-2625; SHA-256 | 072012f9cea1917daee5e180c691cd1a08c1846a22160bdeef3fdedec180f5cf; Download | Favorite | View
Red Hat Security Advisory 2022-7128-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Moderate: postgresql:12 security update
Advisory ID:       RHSA-2022:7128-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7128
Issue date:        2022-10-25
CVE Names:         CVE-2022-2625
====================================================================
1. Summary:

An update for the postgresql:12 module is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system
(DBMS).

Security Fix(es):

* postgresql: Extension scripts replace objects not belonging to the
extension. (CVE-2022-2625)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2113825 - CVE-2022-2625 postgresql: Extension scripts replace objects not belonging to the extension.

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
pg_repack-1.4.6-3.module+el8.5.0+11354+78b3c9c5.src.rpm
pgaudit-1.4.0-5.module+el8.5.0+11354+78b3c9c5.src.rpm
postgres-decoderbufs-0.10.0-2.module+el8.5.0+11354+78b3c9c5.src.rpm
postgresql-12.12-1.module+el8.6.0+16796+0abe6678.src.rpm

aarch64:
pg_repack-1.4.6-3.module+el8.5.0+11354+78b3c9c5.aarch64.rpm
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11354+78b3c9c5.aarch64.rpm
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11354+78b3c9c5.aarch64.rpm
pgaudit-1.4.0-5.module+el8.5.0+11354+78b3c9c5.aarch64.rpm
pgaudit-debuginfo-1.4.0-5.module+el8.5.0+11354+78b3c9c5.aarch64.rpm
pgaudit-debugsource-1.4.0-5.module+el8.5.0+11354+78b3c9c5.aarch64.rpm
postgres-decoderbufs-0.10.0-2.module+el8.5.0+11354+78b3c9c5.aarch64.rpm
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.5.0+11354+78b3c9c5.aarch64.rpm
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.5.0+11354+78b3c9c5.aarch64.rpm
postgresql-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-contrib-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-contrib-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-debugsource-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-docs-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-docs-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-plperl-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-plperl-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-plpython3-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-plpython3-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-pltcl-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-pltcl-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-server-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-server-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-server-devel-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-server-devel-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-static-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-test-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-test-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-upgrade-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-upgrade-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-upgrade-devel-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm
postgresql-upgrade-devel-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.aarch64.rpm

noarch:
postgresql-test-rpm-macros-12.12-1.module+el8.6.0+16796+0abe6678.noarch.rpm

ppc64le:
pg_repack-1.4.6-3.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm
pgaudit-1.4.0-5.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm
pgaudit-debuginfo-1.4.0-5.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm
pgaudit-debugsource-1.4.0-5.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm
postgres-decoderbufs-0.10.0-2.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm
postgresql-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-contrib-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-contrib-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-debugsource-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-docs-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-docs-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-plperl-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-plperl-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-plpython3-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-plpython3-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-pltcl-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-pltcl-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-server-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-server-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-server-devel-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-server-devel-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-static-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-test-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-test-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-upgrade-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-upgrade-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-upgrade-devel-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm
postgresql-upgrade-devel-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.ppc64le.rpm

s390x:
pg_repack-1.4.6-3.module+el8.5.0+11354+78b3c9c5.s390x.rpm
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11354+78b3c9c5.s390x.rpm
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11354+78b3c9c5.s390x.rpm
pgaudit-1.4.0-5.module+el8.5.0+11354+78b3c9c5.s390x.rpm
pgaudit-debuginfo-1.4.0-5.module+el8.5.0+11354+78b3c9c5.s390x.rpm
pgaudit-debugsource-1.4.0-5.module+el8.5.0+11354+78b3c9c5.s390x.rpm
postgres-decoderbufs-0.10.0-2.module+el8.5.0+11354+78b3c9c5.s390x.rpm
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.5.0+11354+78b3c9c5.s390x.rpm
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.5.0+11354+78b3c9c5.s390x.rpm
postgresql-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-contrib-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-contrib-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-debugsource-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-docs-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-docs-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-plperl-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-plperl-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-plpython3-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-plpython3-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-pltcl-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-pltcl-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-server-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-server-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-server-devel-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-server-devel-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-static-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-test-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-test-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-upgrade-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-upgrade-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-upgrade-devel-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm
postgresql-upgrade-devel-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.s390x.rpm

x86_64:
pg_repack-1.4.6-3.module+el8.5.0+11354+78b3c9c5.x86_64.rpm
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11354+78b3c9c5.x86_64.rpm
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11354+78b3c9c5.x86_64.rpm
pgaudit-1.4.0-5.module+el8.5.0+11354+78b3c9c5.x86_64.rpm
pgaudit-debuginfo-1.4.0-5.module+el8.5.0+11354+78b3c9c5.x86_64.rpm
pgaudit-debugsource-1.4.0-5.module+el8.5.0+11354+78b3c9c5.x86_64.rpm
postgres-decoderbufs-0.10.0-2.module+el8.5.0+11354+78b3c9c5.x86_64.rpm
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.5.0+11354+78b3c9c5.x86_64.rpm
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.5.0+11354+78b3c9c5.x86_64.rpm
postgresql-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-contrib-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-contrib-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-debugsource-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-docs-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-docs-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-plperl-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-plperl-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-plpython3-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-plpython3-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-pltcl-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-pltcl-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-server-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-server-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-server-devel-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-server-devel-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-static-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-test-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-test-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-upgrade-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-upgrade-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-upgrade-devel-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm
postgresql-upgrade-devel-debuginfo-12.12-1.module+el8.6.0+16796+0abe6678.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2625
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY1fUZ9zjgjWX9erEAQgDTw/+KSs6p/vszK2KXHZe8S66ANgU9TSf8kEB
RXBIVRc+sfTKzzLGdwVm/EBpetQ+HLWJO229vO/dNmDpp9TXnP/rFD925DVNw7YH
I7WDsfi/7hmnM4+2SeXXAdXdULs61gLk/shnT9oDVb6CUP87z5A1Czov0W5nZN4i
ZyjaKiMLeJCBbA1KNDnuokYYj02+Ggp5VnC7svbHixP75vrTJZdiRU6UjGfewY0l
L5BsYo3zTTj7KVYRMrloKXYb7PLureqr6JkZ5mczokkBBK0LQaY6in1W7XqoN5Wu
rhKx9Xuk6uU7E6xQN4JyC/RGiXNeq3JFUssYS7e+dnB6j79/rSOw8nwbBYm9xzoQ
THxVtPJcISUYQMHx2sp4dEgGd6PhOK+HAnohst9aztvnfuoLfruWqCQEDmy2UyBi
2iYIeheBlbyhpwAw74UC0pAr+xWmKPSMbF3PagRAwU9fXz3a0MXEyLBNvGbWEcMW
Y1276vDasibMyT5VLOTFoGc41/d7OeX2Uo6fsy46Ev4wNevRiOo63wZ9rSaHkWSz
ZxiGp3I7gFh+hEkRrI2OLh+vVMV83/oOVmniTxIgILbAmJp4tqSZV7bwMWxl6bpo
ZqYK7bhFzUSzqZBQBf2YT0ZCIazJddH71lEG0v06hsFJOyISE1j9bHrI1JpLHq1P
ErVHxnspDsU=XzfE
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Top Authors In Last 30 Days

Red Hat 202 files
indoushka 108 files
Ubuntu 82 files
Gentoo 36 files
Jasper Nota 25 files
Willem Westerhof 19 files
Debian 18 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files
File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,100)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,789)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,546)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,754)
UNIX (9,437)
UnixWare (187)
Windows (6,674)
Other
Red Hat Security Advisory 2022-7128-01

Red Hat Security Advisory 2022-7128-01

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2022-7128-01

Share This

Red Hat Security Advisory 2022-7128-01

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems
