Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5622-1] postgresql-13 security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5622-1] postgresql-13 security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5622-1] postgresql-13 security update
  • Date: Wed, 14 Feb 2024 19:59:04 +0000
  • List-archive: https://lists.debian.org/msgid-search/Zc0biNpx9c/UjlLG AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=6vq72G67GZRAtGQ33QR0Kkc2i/mDPLsObOZhrIgKR4g=; b=EF Mo9Zs/OBdGavNjyDq745NPqrFs9991HcJrTK6ZmqYlE5VR7ceH4VbuZLe75tNW2tBustRKKRJPOp2 aaJ/Wv1hJZZ3webcyNx/DwItuiRS5Oh4eiO8hjc/fyo/PwW0QJ/zq4GuOCoKlHXWjFycLUQ92n5SK UiU3EEPH2IUnLnBYKCch2jdlVfHRNYNP8n9UqmVnhboxqHHJHW6DpV6+ckLpXV2kCYwvj/NFNB44W PrFv6T8hM3mfu8WwqC9Fb6gHzGyhTjOhR8eo6oPIv4YRl1xqav/LroB7l+xB4h9wQEMMcBXuoSS9j 2KNIUWm/7U6GKT2kDlgtJkO9eFIx35eg==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Wed, 14 Feb 2024 19:59:34 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <bLm-WUTcaLE.A.aiG.muRzlB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5622-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 14, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : postgresql-13
CVE ID : CVE-2024-0985

It was discovered that a late privilege drop in the "REFRESH MATERIALIZED
VIEW CONCURRENTLY" command could allow an attacker to trick a user with
higher privileges to run SQL commands with these permissions.

For the oldstable distribution (bullseye), this problem has been fixed
in version 13.14-0+deb11u1.

We recommend that you upgrade your postgresql-13 packages.

For the detailed security status of postgresql-13 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/postgresql-13

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmXNGV8ACgkQEMKTtsN8
TjYPYBAAlJuqv8akj+o9j/7gYbpr2LNymLYvhDuHDtHjMMSoT5zBYxCMtKtgc84v
aEFLrm+1CAejvV+8kOTN8cbFF2CSacfFKDV2/9JJY/dxKZ50QL92QNPnZ6aq7KeM
/iX8Sqp58dey+/VyNy9S8Mv2fVRN8g7UprR+hBKNyqtMAW7np+C5LUgOLYJc4Iqc
DPHTTAcMKSYn5vCCQrF7QbCKEzT9KDena7xax6HPR+8F5EI0TIBXL97naslyoLKK
oHrZPDl7hDUxw+IBYfpcMHZWQCSpCP50OUDnZBcPVRCatbki6pDdM6lymXhDWxbh
uRlBAUmuPRozP8qrfh+m2EBb2aRDz2QJlmehrY8J+j0tM0dJi1dX34SSqLd3nFyZ
/24KZoNwkAXbb+OBZD1jsu1IMxWvZm3QhlGRUXnXF7AyJiKQDaOz2b1W9B19Fmm3
z6bQaEbgGf0MTtT/IpEwDMqGrnkl210KA/qVl1gFSbLETGjPh0rLY8ANuKNLGuDs
1yPEULUBm0G7ZO7JgjlfMvZLlbNotz0Jl5jKr0uGdT+q8H8NxDUT7UJlDiUNDXm0
D0LK1vzhr86fGRW9lG8a+OntOpnHPrWbFi5mVTIcuPmd6ekIvOCTeAg6dLliuLcf
fFlWOUD20Xxsz8M0Xkd4NEAod67bk4NWzbHA0XSVa6M0z2u1lok=
=Kp2y
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5622-1] postgresql-13 security update, Moritz Muehlenhoff, 14.02.2024

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang