Home » PostgreSQL: Vulnerability permits data disclosure

PostgreSQL: Vulnerability permits data disclosure

by admin
PostgreSQL: Vulnerability permits data disclosure

An IT safety alert replace for a recognized vulnerability has been issued for PostgreSQL. You can examine which working techniques and merchandise are affected by the safety hole right here at information.de.

Federal workplace for Security in Information Technology (BSI) revealed an replace on May 26, 2024 for the PostgreSQL safety vulnerability recognized on May 9, 2024. Operating techniques Linux, MacOS X and Windows and SUSE Linux merchandise and open supply PostgreSQL affected by the safety hole.

The newest producer suggestions concerning updates, workarounds and safety patches for this vulnerability may be discovered right here: SUSE Security Update SUSE-SU-2024:1777-1 (From 24 May 2024). Some helpful hyperlinks are listed later on this article.

PostgreSQL Security Advisory – Risk: Low

Risk degree: 2 (low)
CVSS Base Score: 3.1
CVSS provisional rating: 2.7
Remote management: Ja

The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in pc techniques. The CVSS customary makes it doable to match potential or precise safety dangers primarily based on varied standards to create a precedence checklist for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. For non permanent impact, body circumstances that will change over time are thought-about within the check. The danger of the vulnerability talked about right here is classed as “low” in accordance with the CVSS with a base rating of three.1.

See also  HP LaserJet at risk: New vulnerability! Vulnerability allows privilege escalation

PostgreSQL Bug: Vulnerability permits data disclosure

PostgreSQL is a freely out there database for cross-platform functions.

A distant, licensed attacker might exploit a vulnerability in PostgreSQL to reveal data.

Vulnerabilities are recognized by a CVE (Common Vulnerabilities and Exposures) serial quantity. CVE-2024-4317 on the market.

Systems affected by the PostgreSQL vulnerability at a look

Operating techniques
Linux, MacOS X, Windows

Products
SUSE Linux (cpe:/o:use:suse_linux)
Open Source PostgreSQL Open Source PostgreSQL Open Source PostgreSQL Open Source PostgreSQL Open Source PostgreSQL

General suggestions for addressing IT safety gaps

  1. Users of the affected apps ought to keep up-to-date. When safety holes are recognized, producers are required to repair them shortly by creating a patch or workaround. If safety patches can be found, set up them instantly.
  2. For data, see the sources listed within the subsequent part. This usually comprises extra details about the newest model of the software program in query and the supply of safety patches or efficiency ideas.
  3. If you have got any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to recurrently verify if IT safety alert Affected producers present a brand new safety replace.

Manufacturer details about updates, patches and workarounds

Here one can find some hyperlinks with details about bug reviews, safety fixes and workarounds.

SUSE Security Update SUSE-SU-2024:1777-1 vom 2024-05-24 (26.05.2024)
For extra data, see:

SUSE Security Update SUSE-SU-2024:1768-1 vom 2024-05-23 (23.05.2024)
For extra data, see:

SUSE Security Update SUSE-SU-2024:1703-1 vom 2024-05-20 (20.05.2024)
For extra data, see:

SUSE Security Update SUSE-SU-2024:1651-1 vom 2024-05-15 (14.05.2024)
For extra data, see:

SUSE Security Update SUSE-SU-2024:1653-1 vom 2024-05-15 (14.05.2024)
For extra data, see:

See also  Festivals and live shows: Preventing ear harm could be very straightforward

SUSE Security Update SUSE-SU-2024:1652-1 vom 2024-05-15 (14.05.2024)
For extra data, see:

PostgreSQL Security Advisory CVE-2024-4317 vom 2024-05-09 (09.05.2024)
For extra data, see:

PostgreSQL launch notes vom 2024-05-09 (09.05.2024)
For extra data, see:

Version historical past of this safety alert

This is model 5 of this PostgreSQL IT safety discover. If additional updates are introduced, this doc will probably be up to date. You can examine modifications or additions on this model historical past.

May 9, 2024 – First model
May 14, 2024 – New updates from SUSE added
May 20, 2024 – New updates from SUSE added
May 23, 2024 – New updates from SUSE added
May 26, 2024 – New updates from SUSE added

+++ Editorial be aware: This doc is predicated on present BSI information and will probably be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

comply with News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here one can find sizzling information, present movies and a direct line to the editorial staff.

kns/roj/information.de

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy