Bug 2326253 (CVE-2024-10979) - CVE-2024-10979 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code
Summary: CVE-2024-10979 postgresql: PostgreSQL PL/Perl environment variable changes ex...
Keywords:
Status: NEW
Alias: CVE-2024-10979
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2326462 2326463 2326464 2326456 2326457 2326458 2326459 2326460 2326461
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-11-14 14:01 UTC by OSIDB Bzimport
Modified: 2025-04-06 18:57 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:10805 0 None None None 2024-12-04 20:18:06 UTC
Red Hat Product Errata RHBA-2024:11014 0 None None None 2024-12-12 19:00:35 UTC
Red Hat Product Errata RHSA-2024:10593 0 None None None 2024-12-02 01:44:27 UTC
Red Hat Product Errata RHSA-2024:10595 0 None None None 2024-12-02 01:42:45 UTC
Red Hat Product Errata RHSA-2024:10677 0 None None None 2024-12-02 13:34:54 UTC
Red Hat Product Errata RHSA-2024:10705 0 None None None 2024-12-02 17:16:25 UTC
Red Hat Product Errata RHSA-2024:10736 0 None None None 2024-12-03 10:05:34 UTC
Red Hat Product Errata RHSA-2024:10739 0 None None None 2024-12-03 11:00:03 UTC
Red Hat Product Errata RHSA-2024:10750 0 None None None 2024-12-03 12:37:17 UTC
Red Hat Product Errata RHSA-2024:10785 0 None None None 2024-12-04 08:43:41 UTC
Red Hat Product Errata RHSA-2024:10787 0 None None None 2024-12-04 09:20:30 UTC
Red Hat Product Errata RHSA-2024:10788 0 None None None 2024-12-04 09:19:48 UTC
Red Hat Product Errata RHSA-2024:10789 0 None None None 2024-12-04 10:35:25 UTC
Red Hat Product Errata RHSA-2024:10791 0 None None None 2024-12-04 15:35:48 UTC
Red Hat Product Errata RHSA-2024:10800 0 None None None 2024-12-04 17:50:38 UTC
Red Hat Product Errata RHSA-2024:10807 0 None None None 2024-12-04 20:30:51 UTC
Red Hat Product Errata RHSA-2024:10827 0 None None None 2024-12-05 06:46:33 UTC
Red Hat Product Errata RHSA-2024:10830 0 None None None 2024-12-05 09:08:21 UTC
Red Hat Product Errata RHSA-2024:10831 0 None None None 2024-12-05 09:08:37 UTC
Red Hat Product Errata RHSA-2024:10832 0 None None None 2024-12-05 09:08:28 UTC
Red Hat Product Errata RHSA-2024:10846 0 None None None 2024-12-05 12:53:11 UTC
Red Hat Product Errata RHSA-2024:10851 0 None None None 2024-12-05 14:57:28 UTC
Red Hat Product Errata RHSA-2024:10879 0 None None None 2024-12-09 09:26:13 UTC
Red Hat Product Errata RHSA-2024:10882 0 None None None 2024-12-09 09:35:55 UTC

Description OSIDB Bzimport 2024-11-14 14:01:36 UTC 
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH).  That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user.  Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
Comment 2 errata-xmlrpc 2024-12-02 01:42:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2024:10595 https://access.redhat.com/errata/RHSA-2024:10595
Comment 3 errata-xmlrpc 2024-12-02 01:44:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2024:10593 https://access.redhat.com/errata/RHSA-2024:10593
Comment 4 errata-xmlrpc 2024-12-02 13:34:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:10677 https://access.redhat.com/errata/RHSA-2024:10677
Comment 5 errata-xmlrpc 2024-12-02 17:16:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:10705 https://access.redhat.com/errata/RHSA-2024:10705
Comment 6 errata-xmlrpc 2024-12-03 10:05:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2024:10736 https://access.redhat.com/errata/RHSA-2024:10736
Comment 7 errata-xmlrpc 2024-12-03 11:00:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:10739 https://access.redhat.com/errata/RHSA-2024:10739
Comment 8 errata-xmlrpc 2024-12-03 12:37:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:10750 https://access.redhat.com/errata/RHSA-2024:10750
Comment 9 errata-xmlrpc 2024-12-04 08:43:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:10785 https://access.redhat.com/errata/RHSA-2024:10785
Comment 10 errata-xmlrpc 2024-12-04 09:19:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:10788 https://access.redhat.com/errata/RHSA-2024:10788
Comment 11 errata-xmlrpc 2024-12-04 09:20:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:10787 https://access.redhat.com/errata/RHSA-2024:10787
Comment 12 errata-xmlrpc 2024-12-04 10:35:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:10789 https://access.redhat.com/errata/RHSA-2024:10789
Comment 13 errata-xmlrpc 2024-12-04 15:35:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:10791 https://access.redhat.com/errata/RHSA-2024:10791
Comment 14 errata-xmlrpc 2024-12-04 17:50:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:10800 https://access.redhat.com/errata/RHSA-2024:10800
Comment 15 errata-xmlrpc 2024-12-04 20:30:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:10807 https://access.redhat.com/errata/RHSA-2024:10807
Comment 16 errata-xmlrpc 2024-12-05 06:46:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:10827 https://access.redhat.com/errata/RHSA-2024:10827
Comment 17 errata-xmlrpc 2024-12-05 09:08:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:10830 https://access.redhat.com/errata/RHSA-2024:10830
Comment 18 errata-xmlrpc 2024-12-05 09:08:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:10832 https://access.redhat.com/errata/RHSA-2024:10832
Comment 19 errata-xmlrpc 2024-12-05 09:08:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:10831 https://access.redhat.com/errata/RHSA-2024:10831
Comment 20 errata-xmlrpc 2024-12-05 12:53:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:10846 https://access.redhat.com/errata/RHSA-2024:10846
Comment 21 errata-xmlrpc 2024-12-05 14:57:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:10851 https://access.redhat.com/errata/RHSA-2024:10851
Comment 22 errata-xmlrpc 2024-12-09 09:26:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:10879 https://access.redhat.com/errata/RHSA-2024:10879
Comment 23 errata-xmlrpc 2024-12-09 09:35:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2024:10882 https://access.redhat.com/errata/RHSA-2024:10882
Note You need to log in before you can comment on or make changes to this bug.