Red Hat Security Advisory 2023-0113-01

Red Hat Security Advisory 2023-0113-01: Posted Jan 12, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-0113-01 - PostgreSQL is an advanced object-relational database management system.; tags | advisory; systems | linux, redhat; advisories | CVE-2022-2625; SHA-256 | 72389b4a8ee2045ef26ddfb7a3008d55164864d2d390214fe0657af01486e4da; Download | Favorite | View

Red Hat Security Advisory 2023-0113-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: postgresql:10 security update
Advisory ID:       RHSA-2023:0113-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0113
Issue date:        2023-01-12
CVE Names:         CVE-2022-2625 
=====================================================================

1. Summary:

An update for the postgresql:10 module is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system
(DBMS).

Security Fix(es):

* postgresql: Extension scripts replace objects not belonging to the
extension. (CVE-2022-2625)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2113825 - CVE-2022-2625 postgresql: Extension scripts replace objects not belonging to the extension.

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
postgresql-10.23-1.module+el8.7.0+17280+3a452e1f.src.rpm

aarch64:
postgresql-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-contrib-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-contrib-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-debugsource-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-docs-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-docs-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-plperl-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-plperl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-plpython3-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-plpython3-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-pltcl-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-pltcl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-server-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-server-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-server-devel-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-server-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-static-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-test-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-test-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-test-rpm-macros-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-upgrade-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-upgrade-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-upgrade-devel-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm
postgresql-upgrade-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm

ppc64le:
postgresql-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-contrib-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-contrib-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-debugsource-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-docs-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-docs-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-plperl-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-plperl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-plpython3-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-plpython3-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-pltcl-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-pltcl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-server-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-server-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-server-devel-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-server-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-static-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-test-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-test-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-test-rpm-macros-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-upgrade-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-upgrade-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-upgrade-devel-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm
postgresql-upgrade-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm

s390x:
postgresql-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-contrib-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-contrib-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-debugsource-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-docs-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-docs-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-plperl-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-plperl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-plpython3-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-plpython3-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-pltcl-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-pltcl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-server-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-server-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-server-devel-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-server-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-static-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-test-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-test-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-test-rpm-macros-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-upgrade-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-upgrade-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-upgrade-devel-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm
postgresql-upgrade-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm

x86_64:
postgresql-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-contrib-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-contrib-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-debugsource-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-docs-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-docs-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-plperl-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-plperl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-plpython3-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-plpython3-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-pltcl-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-pltcl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-server-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-server-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-server-devel-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-server-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-static-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-test-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-test-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-test-rpm-macros-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-upgrade-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-upgrade-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-upgrade-devel-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm
postgresql-upgrade-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2625
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY7/i99zjgjWX9erEAQiXbA//WFJNDVuYD112PQg6wO+FY9ee3L4eDa7x
XIuCvIpVe6MxugA85cM0/h6NyvsUM7PyZC0aH/QU2uN2yDVgYr39xLNexocHvxAR
EFiJOZhK+24uBxc9bfm+jVNqtbVOjkzhScUwjNtP5W4QZbBxzgPPTb0Ybzd9ixvk
GV8DifcjfX1edlBCqV78Hx1P1ISSMipKeTs5HtHsAZ4uK53anrdqZASe2yVy/FVr
D/s1DeKfWh/AF/6w5JNWB+MWgsQzOnoXH25agzJAE91+uewLk1XWIm3ky7efSYny
2QwuNCseR5IL1rdaSCgIZY1+khyc1qMk9MxRUs54bJzWi8OMJXvsN08I8gsngrxV
Nf27NQfMx9KjIkMo/+cV93rWHzhsjzM0uNb1CrJvBNtr5xWfIsD4vTiSJIP91hpY
hBqo8+1pI6Wo66dQkrLDrSo7gdmcLegE56GEAZtwEMPyraXcvb5qToM4OVW8kiVE
4Kw7CGodi864kesB6ZCKPY7vr68/OjOkWhvbqtbQ1D9kz1UvzRMAAF0meP5fA//s
PLidab430BWeGd1UagqkQVVBSZ+TTD+oOJwIb+dJBTYpZnEkIuNe4h7eHFW1PTLn
dCR2CI6UsDUzMPS6bjklqaGEFxCLZpn2c7xzyKhcvOwmhEJEm0UWIAZZNk5ip4b0
C67oezmmLbg=
=GaKj
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 63 files
Debian 33 files
Gentoo 28 files
LiquidWorm 10 files
nu11secur1ty 7 files
Adam Gowdiak 4 files
kai6u 3 files
gabe_k 3 files
liquidsky 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,036)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,495)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,567)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,739)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,489)
UNIX (9,397)
UnixWare (187)
Windows (6,656)
Other

Red Hat Security Advisory 2023-0113-01

Red Hat Security Advisory 2023-0113-01

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2023-0113-01

Share This

Red Hat Security Advisory 2023-0113-01

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems