History: Jul 09, 2024 - 1:00 p.m.

Advisory ROSA-SA-2024-2449

2024-07-09 13:00:14
ROSA LAB
abf.rosalinux.ru
postgresql database management
rosa virtualization 2.1
vulnerability
unauthorized access
denial of service

CVSS2: 4
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

CVSS3: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

AI Score: 7.8
Confidence: High

Software: postgresql 12.1
OS: ROSA Virtualization 2.1

package_evr_string: postgresql-12.1

CVE-ID: CVE-2020-1720
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability has been discovered in PostgreSQL “ALTER … DEPENDS ON EXTENSION” where subcommands did not perform authorization checks. An authenticated attacker could exploit this vulnerability in certain configurations to perform deletion of objects such as functions, triggers, etc., resulting in database corruption.
CVE-STATUS: Not Relevant
CVE-REV:

CVE-ID: CVE-2021-32029
BDU-ID: 2021-02774
CVE-Crit: MEDIUM
CVE-DESC.: Vulnerability in the implementation of the UPDATE command … RETURNING of the PostgreSQL database management system is related to memory freeing errors. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information.
CVE-STATUS: Not Current
CVE-REV:

CVE-ID: CVE-2021-3393
BDU-ID: 2021-00810
CVE-Crit: LOW
CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to security mechanism flaws. Exploitation of the vulnerability could allow an attacker acting remotely to retrieve column values from an error message (without SELECT privilege).
CVE-STATUS: Not Relevant
CVE-REV:

CVE-ID: CVE-2021-3677
BDU-ID: 2021-04174
CVE-Crit: CRITICAL
CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information or cause a denial of service via a specially crafted query.
CVE-STATUS: Not Current
CVE-REV:

OS    Version  Architecture  Package     Version  Filename
ROSA  any      noarch        postgresql  < 12.1   UNKNOWN
