Security alert updated: The BSI has issued an update to its security alert for the PostgreSQL JDBC driver. Below you will find a description of the vulnerability together with the latest updates and information about the affected Linux, UNIX and Windows operating systems and products.
The German Federal Office for Information Security (BSI) issued an update on May 22, 2024 to its alert for a security vulnerability in the PostgreSQL JDBC Driver that became known on February 19, 2024. The vulnerability affects the Linux, UNIX and Windows operating systems and the products Debian Linux, Red Hat Enterprise Linux, Fedora Linux, SUSE Linux, Oracle Linux, IBM QRadar SIEM, IBM Storage Scale, Red Hat OpenShift, RESF Rocky Linux, Open Source PostgreSQL, Atlassian Bamboo and Open Source Camunda.
The most recent manufacturer recommendations on updates, workarounds and security patches for this vulnerability can be found in Red Hat Security Advisory RHSA-2024:3313 (of May 23, 2024). Further useful references are listed later in this article.
PostgreSQL JDBC Driver Security Advisory – Risk: High
Risk level: 4 (high)
CVSS Base Score: 10.0
CVSS Temporal Score: 8.7
Remotely exploitable: Yes
The Common Vulnerability Scoring System (CVSS) is used to assess the severity of security vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security risks on the basis of various metrics in order to prioritise countermeasures. The qualitative ratings "none", "low", "medium", "high" and "critical" describe the severity of a vulnerability. The Base Score evaluates the prerequisites of an attack (including authentication, attack complexity, required privileges and user interaction) and its consequences; the Temporal Score additionally takes into account changes in the threat situation over time, such as the availability of exploit code and patches. The vulnerability discussed here carries a CVSS base score of 10.0, which falls in the "critical" band of the CVSS v3 qualitative scale; the "high" risk level stated above is the BSI's own classification of the alert, not the CVSS rating.
PostgreSQL JDBC Driver Bug: Vulnerability allows SQL injection
PostgreSQL is a freely available, cross-platform relational database system; the PostgreSQL JDBC Driver (pgjdbc) is the Java client library used to connect to it.
A remote, anonymous attacker could exploit a vulnerability in the PostgreSQL JDBC Driver to perform SQL injection. According to the upstream pgjdbc advisory (which goes beyond what the BSI notice states), a crafted parameter value can alter the query and thus bypass the protection that parameterised queries normally provide, but only when the non-default connection property preferQueryMode=simple is set; deployments using the default extended query protocol are not exploitable. The fixed driver releases are 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9 and 42.2.28. Older builds on any of these branches should be updated regardless of the query mode in use, because a single configuration change is all that separates a latent from an exploitable instance.
The vulnerability has been assigned the identifier CVE-2024-1597 in the Common Vulnerabilities and Exposures (CVE) system.
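As an added example (not code from the BSI notice or from the pgjdbc project), the following Python script performs the triage a practitioner wants after reading this advisory: it pulls pgjdbc versions out of Maven dependency output, compares them against the fixed releases listed in the upstream pgjdbc advisory (GHSA-24rp-q3w6-vc56), and checks whether a JDBC URL or a properties map enables the preferQueryMode=simple setting that the upstream advisory names as the only exploitable configuration. The Maven output is constructed sample input, the host name is a placeholder, and the rule that explicit properties override URL parameters is an assumption of this script, not a statement about the driver.

```python
"""Triage helper for CVE-2024-1597 (pgjdbc SQL injection in simple query mode).

Fixed releases below are taken from the upstream pgjdbc advisory
(GHSA-24rp-q3w6-vc56), not from the BSI notice; this script is an added
illustration, not code from pgjdbc or the BSI.
"""
import re
from urllib.parse import parse_qs, urlsplit

# First fixed release on each maintenance branch, per the upstream advisory.
FIXED_BY_BRANCH = {
    (42, 7): (42, 7, 2),
    (42, 6): (42, 6, 1),
    (42, 5): (42, 5, 5),
    (42, 4): (42, 4, 4),
    (42, 3): (42, 3, 9),
    (42, 2): (42, 2, 28),
}

# Accepts "42.6.0", "42.2.28.jre7", "42.7.2-SNAPSHOT"; qualifiers after the
# patch number are ignored for the comparison.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.\-].*)?$")

# Driver coordinates as printed by `mvn dependency:list` / `dependency:tree`.
DEP_RE = re.compile(r"org\.postgresql:postgresql:jar:([^:\s]+)")


def parse_version(text):
    """Return (major, minor, patch) for a pgjdbc version string."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised pgjdbc version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_version(text):
    """True if this driver build predates the fix on its branch."""
    v = parse_version(text)
    fixed = FIXED_BY_BRANCH.get(v[:2])
    if fixed is not None:
        return v < fixed
    # No dedicated fix for this branch: releases older than 42.2 never got
    # one (treat as vulnerable); branches newer than 42.7 post-date the fix.
    return v < (42, 7, 2)


def uses_simple_query_mode(jdbc_url, props=None):
    """True when preferQueryMode=simple is set via the URL or a properties map.

    The upstream advisory states only this non-default mode is exploitable.
    Explicit properties override URL parameters here; that precedence is an
    assumption of this script, not a statement about the driver.
    """
    merged = {}
    if jdbc_url.startswith("jdbc:"):
        query = urlsplit(jdbc_url[len("jdbc:"):]).query
        merged.update({k: vals[-1] for k, vals in parse_qs(query).items()})
    merged.update(props or {})
    return merged.get("preferQueryMode", "extended").strip().lower() == "simple"


def assess(version, jdbc_url, props=None):
    """Classify one deployment as 'patched', 'exposed' or 'latent'.

    exposed: vulnerable build with simple query mode enabled.
    latent:  vulnerable build on the default extended protocol; still patch,
             since a one-line configuration change would expose it.
    """
    if not is_vulnerable_version(version):
        return "patched"
    return "exposed" if uses_simple_query_mode(jdbc_url, props) else "latent"


def driver_versions_from_maven(output):
    """Extract every pgjdbc version mentioned in Maven dependency output."""
    return sorted(set(DEP_RE.findall(output)))


# Constructed sample input; not real build output from any project.
SAMPLE_MAVEN_OUTPUT = """\
[INFO] --- dependency:3.6.1:list (default-cli) @ billing ---
[INFO]    org.postgresql:postgresql:jar:42.6.0:compile
[INFO]    com.zaxxer:HikariCP:jar:5.1.0:compile
[INFO] +- org.postgresql:postgresql:jar:42.2.28.jre7:test
"""

# Placeholder URLs; the host name is assumed, not taken from the advisory.
SAMPLE_URLS = (
    "jdbc:postgresql://db.internal.example:5432/billing",
    "jdbc:postgresql://db.internal.example:5432/billing?preferQueryMode=simple",
)

if __name__ == "__main__":
    for ver in driver_versions_from_maven(SAMPLE_MAVEN_OUTPUT):
        for url in SAMPLE_URLS:
            mode = "simple" if uses_simple_query_mode(url) else "extended"
            print(f"pgjdbc {ver:<14} mode={mode:<9} -> {assess(ver, url)}")
```

Feed it the real output of `mvn dependency:list` (or the JDBC URLs from your application configuration) to get a per-deployment verdict; a "latent" result still means the driver must be updated, it only means the exploitable mode is not currently enabled.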
Systems affected by the vulnerability at a glance
Operating systems
Linux, UNIX, Windows
Products
Debian Linux (cpe:/o:debian:debian_linux)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
SUSE Linux (cpe:/o:suse:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
IBM QRadar SIEM 7.5 (cpe:/a:ibm:qradar_siem)
IBM Storage Scale 5.1.x (cpe:/a:ibm:spectrum_scale)
Red Hat OpenShift Container Platform 4.10 (cpe:/a:redhat:openshift)
Red Hat OpenShift Container Platform 4.11 (cpe:/a:redhat:openshift)
Red Hat OpenShift Container Platform 4.12 (cpe:/a:redhat:openshift)
RESF Rocky Linux (cpe:/o:resf:rocky_linux)
Open Source PostgreSQL (PostgreSQL JDBC Driver; several affected versions)
Atlassian Bamboo (several affected versions)
Red Hat Enterprise Linux Quarkus 3.2.11 (cpe:/o:redhat:enterprise_linux)
Red Hat OpenShift Container Platform 4.9 (cpe:/a:redhat:openshift)
Open Source Camunda (several affected versions)
General steps for dealing with IT security vulnerabilities
- Users of the affected applications should keep them up to date. When vulnerabilities become known, manufacturers are expected to fix them quickly by developing a patch or workaround. If security patches are available, install them immediately.
- For further information, see the sources listed in the next section. They usually contain additional details about the latest version of the software in question and about the availability of security patches or workarounds.
- If you have any further questions or uncertainties, contact your responsible administrator. IT security officers should regularly check whether the manufacturers affected by an IT security alert have published a new security update.
Manufacturer information about updates, patches and workarounds
The following references point to bug reports, security fixes and workarounds from the affected manufacturers; the date in parentheses is the date on which the entry was added to this alert.
- Red Hat Security Advisory RHSA-2024:3313 of 2024-05-23 (22.05.2024)
- IBM Security Bulletin 7152260 of 2024-05-15 (14.05.2024)
- Rocky Linux Security Advisory RLSA-2024:1436 of 2024-05-10 (12.05.2024)
- Debian Security Advisory DLA-3812 of 2024-05-10 (09.05.2024)
- IBM Security Bulletin 7150357 of 2024-05-07 (06.05.2024)
- Camunda Security Notices of 2024-05-03 (05.05.2024)
- Red Hat Security Advisory RHSA-2024:2624 of 2024-04-30 (01.05.2024)
- Red Hat Security Advisory RHSA-2024:1999 of 2024-04-23 (23.04.2024)
- Red Hat Security Advisory RHSA-2024:1797 of 2024-04-22 (22.04.2024)
- Red Hat Security Advisory RHSA-2024:1686 of 2024-04-04 (04.04.2024)
- Red Hat Security Advisory RHSA-2024:1662 of 2024-04-03 (03.04.2024)
- Red Hat Security Advisory RHSA-2024:1649 of 2024-04-02 (02.04.2024)
- Rocky Linux Security Advisory RLSA-2024:1435 of 2024-03-27 (26.03.2024)
- Oracle Linux Security Advisory ELSA-2024-1435 of 2024-03-22 (21.03.2024)
- Oracle Linux Security Advisory ELSA-2024-1436 of 2024-03-20 (20.03.2024)
- Red Hat Security Advisory RHSA-2024:1436 of 2024-03-20 (19.03.2024)
- Atlassian Security Advisory (19.03.2024)
- Red Hat Security Advisory RHSA-2024:1435 of 2024-03-20 (19.03.2024)
- Fedora Security Advisory FEDORA-2024-ED884C3203 of 2024-03-18 (18.03.2024)
- SUSE Security Update SUSE-SU-2024:0771-1 of 2024-03-05 (05.03.2024)
- SUSE Security Update SUSE-SU-2024:0773-1 of 2024-03-05 (05.03.2024)
- SUSE Security Update SUSE-SU-2024:0769-1 of 2024-03-05 (05.03.2024)
- GitHub Advisory Database of 2024-02-19 (19.02.2024)
- NIST Vulnerability Database of 2024-02-19 (19.02.2024)
Version history of this security alert
This is version 19 of this IT security alert for the PostgreSQL JDBC driver. If further updates are announced, this article will be updated accordingly. The changes made are listed in the version history below.
02/19/2024 – First version
03/05/2024 – New updates from SUSE added
03/18/2024 – New updates from Fedora added
03/19/2024 – New updates from Red Hat and Atlassian added
03/20/2024 – New updates from Oracle Linux added
03/21/2024 – New updates from Oracle Linux added
03/26/2024 – New updates from the Rocky Enterprise Software Foundation added
04/02/2024 – New updates from Red Hat added
04/03/2024 – New updates from Red Hat added
04/04/2024 – New updates from Red Hat added
04/22/2024 – New updates from Red Hat added
04/23/2024 – New updates from Red Hat added
05/01/2024 – New updates from Red Hat added
05/05/2024 – New updates from Camunda added
05/06/2024 – New updates from IBM added
05/09/2024 – New updates from Debian added
05/12/2024 – New updates from the Rocky Enterprise Software Foundation added
05/14/2024 – New updates from IBM added
05/22/2024 – New updates from Red Hat added
+++ Editorial note: This article is based on current BSI data and will be updated as the status of the alert changes. We welcome feedback and comments at [email protected]. +++
kns/roj/news.de