The safety warning issued for PostgreSQL has obtained an replace from BSI. You can learn how affected customers ought to behave right here.
Federal workplace for Security in Information Technology (BSI) revealed an replace on May 23, 2024 for the PostgreSQL safety vulnerability identified on May 9, 2024. Operating programs Linux, MacOS X and Windows and SUSE Linux merchandise and open supply PostgreSQL affected by the safety hole.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability may be discovered right here: SUSE Security Update SUSE-SU-2024:1768-1 (From 23 May 2024). Some helpful sources are listed later on this article.
PostgreSQL Security Advisory – Risk: Low
Risk stage: 2 (low)
CVSS Base Score: 3.1
CVSS provisional rating: 2.7
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of pc programs. The CVSS customary makes it attainable to match potential or precise safety dangers primarily based on numerous metrics to create a precedence record for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. For short-term impact, body circumstances which will change over time are thought-about within the take a look at. According to CVSS, the present vulnerability risk is taken into account “low” with a base rating of three.1.
PostgreSQL Bug: Vulnerability permits info disclosure
PostgreSQL is a freely out there database for cross-platform functions.
A distant, approved attacker might exploit a vulnerability in PostgreSQL to reveal info.
Vulnerabilities had been labeled utilizing the CVE (Common Vulnerabilities and Exposures) reference system for every serial quantity CVE-2024-4317.
Systems affected by the PostgreSQL vulnerability at a look
Operating programs
Linux, MacOS X, Windows
Products
SUSE Linux (cpe:/o:use:suse_linux)
Open Source PostgreSQL Open Source PostgreSQL Open Source PostgreSQL Open Source PostgreSQL Open Source PostgreSQL
General suggestions for addressing IT safety gaps
- Users of the affected apps ought to keep up-to-date. When safety holes are identified, producers are required to repair them rapidly by creating a patch or workaround. If safety patches can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This usually comprises extra details about the newest model of the software program in query and the provision of safety patches or efficiency suggestions.
- If you’ve gotten any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to repeatedly examine the desired sources to see if a brand new safety replace is offered.
Manufacturer details about updates, patches and workarounds
Here you’ll find some hyperlinks with details about bug reviews, safety fixes and workarounds.
SUSE Security Update SUSE-SU-2024:1768-1 vom 2024-05-23 (23.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1703-1 vom 2024-05-20 (20.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1651-1 vom 2024-05-15 (14.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1653-1 vom 2024-05-15 (14.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1652-1 vom 2024-05-15 (14.05.2024)
For extra info, see:
PostgreSQL Security Advisory CVE-2024-4317 vom 2024-05-09 (09.05.2024)
For extra info, see:
PostgreSQL launch notes vom 2024-05-09 (09.05.2024)
For extra info, see:
Version historical past of this safety alert
This is model 4 of this PostgreSQL IT safety discover. If additional updates are introduced, this doc will probably be up to date. You can see the adjustments made utilizing the model historical past under.
May 9, 2024 – First model
May 14, 2024 – New updates from SUSE added
May 20, 2024 – New updates from SUSE added
May 23, 2024 – New updates from SUSE added
+++ Editorial notice: This doc is predicated on present BSI knowledge and will probably be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you’ll find scorching information, present movies and a direct line to the editorial workforce.
kns/roj/information.de