Oracle Linux: CVE-2024-10976: ELSA-2024-10788: postgresql:16 security update (IMPORTANT) (Multiple Advisories)

Oracle Linux: CVE-2024-10976: ELSA-2024-10788:postgresql:16 security update (IMPORTANT) (Multiple Advisories)

Severity

4

CVSS

(AV:N/AC:H/Au:S/C:P/I:P/A:N)

Published

11/14/2024

Created

12/10/2024

Added

12/05/2024

Modified

01/08/2025

Description

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended.CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes.They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy.This has the same consequences as the two earlier CVEs.That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles.This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs.Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications.This affects only databases that have used CREATE POLICY to define a row security policy.An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies.Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. A flaw was found in PostgreSQL. This vulnerability allows incorrect row-level security policies to be applied via subqueries, WITH queries, security invoker views, or SQL-language functions that reference tables with row-level security policies. This issue arises when a query is planned under one role and executed under another, potentially leading to unauthorized reads or modifications of data.

Solution(s)

• oracle-linux-upgrade-pgaudit
• oracle-linux-upgrade-pg-repack
• oracle-linux-upgrade-pgvector
• oracle-linux-upgrade-postgres-decoderbufs
• oracle-linux-upgrade-postgresql
• oracle-linux-upgrade-postgresql-contrib
• oracle-linux-upgrade-postgresql-docs
• oracle-linux-upgrade-postgresql-plperl
• oracle-linux-upgrade-postgresql-plpython3
• oracle-linux-upgrade-postgresql-pltcl
• oracle-linux-upgrade-postgresql-private-devel
• oracle-linux-upgrade-postgresql-private-libs
• oracle-linux-upgrade-postgresql-server
• oracle-linux-upgrade-postgresql-server-devel
• oracle-linux-upgrade-postgresql-static
• oracle-linux-upgrade-postgresql-test
• oracle-linux-upgrade-postgresql-test-rpm-macros
• oracle-linux-upgrade-postgresql-upgrade
• oracle-linux-upgrade-postgresql-upgrade-devel

References

• https://attackerkb.com/topics/cve-2024-10976
• CVE - 2024-10976
• ELSA-2024-10788
• ELSA-2024-10831
• ELSA-2024-10832
• ELSA-2024-10830
• ELSA-2024-10785
• ELSA-2024-10787
• ELSA-2024-10791

View more