Fedora 39: FEDORA-2024-9820d9491f Critical: pgAdmin4 XSS and DoS
fedora
July 13, 2024
Backport security fixes for CVE-2024-4216, CVE-2024-4068, CVE-2024-4067.
Summary
pgAdmin is the most popular and feature rich Open Source administration and development
platform for PostgreSQL, the most advanced Open Source database in the world.
Update Information:
Backport security fixes for CVE-2024-4216, CVE-2024-4068, CVE-2024-4067.
Topics Covered
Change Log
* Thu Jul 4 2024 Sandro Mani
References
[ 1 ] Bug #2278855 - CVE-2024-4216 pgadmin4: XSS in /settings/store API response json payload [fedora-39] https://bugzilla.redhat.com/show_bug.cgi?id=2278855 [ 2 ] Bug #2280626 - CVE-2024-4068 pgadmin4: braces: fails to limit the number of characters it can handle [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2280626 [ 3 ] Bug #2280781 - CVE-2024-4067 pgadmin4: micromatch: vulnerable to Regular Expression Denial of Service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2280781
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-9820d9491f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Name: pgadmin4
Product: Fedora 39
Version: 7.8
Release: 7.fc39
Summary: Administration tool for PostgreSQL
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!