Mageia 9: 2024-0372 Critical Advisory: PostgreSQL Security Issues
mageia
November 27, 2024
PostgreSQL row security below e.g
Summary
PostgreSQL row security below e.g. subqueries disregards user ID
changes. (CVE-2024-10976)
PostgreSQL libpq retains an error message from man-in-the-middle.
(CVE-2024-10977)
PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID.
(CVE-2024-10978)
PostgreSQL PL/Perl environment variable changes execute arbitrary code.
(CVE-2024-10979)
References
- https://bugs.mageia.org/show_bug.cgi?id=33779
- https://www.postgresql.org/about/news/postgresql-171-165-159-1414-1317-and-1221-released-2955/
- https://www.postgresql.org/about/news/postgresql-172-166-1510-1415-1318-and-1222-released-2965/
- https://www.cve.org/CVERecord?id=CVE-2024-10976
- https://www.cve.org/CVERecord?id=CVE-2024-10977
- https://www.cve.org/CVERecord?id=CVE-2024-10978
- https://www.cve.org/CVERecord?id=CVE-2024-10979
Resolution
SRPMS
- 9/core/postgresql15-15.10-1.mga9
- 9/core/postgresql13-13.18-1.mga9
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 27 Nov 2024
URL: https://advisories.mageia.org/MGASA-2024-0372.html
Type: security
CVE: CVE-2024-10976,
CVE-2024-10977,
CVE-2024-10978,
CVE-2024-10979
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!