Debian CVE-2022-1552: postgresql: execute arbitrary SQL functions under a superuser identity

Bug #1994110 reported by Yue Tao
Affects: StarlingX
Status: Fix Released
Importance: Medium
Assigned to: Yue Tao

Bug Description

CVE-2022-1552: [https://nvd.nist.gov/vuln/detail/CVE-2022-1552]
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.

Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2022-1552 fixed 8.8 N L N N H

References:
https://security-tracker.debian.org/tracker/DSA-5136-1

['libpq5_13.5-0+deb11u1_amd64.deb===>libpq5_13.7-0+deb11u1_amd64.deb', 'postgresql-13_13.5-0+deb11u1_amd64.deb===>postgresql-13_13.7-0+deb11u1_amd64.deb', 'postgresql-client-13_13.5-0+deb11u1_amd64.deb===>postgresql-client-13_13.7-0+deb11u1_amd64.deb']

Found during August 2022 CVE scan using vulscan
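
A defender's audit for the precondition in the description above, as an added example that is not part of the original bug report or the StarlingX fix. It assumes a PostgreSQL 13 server (the branch packaged on this page) and a session allowed to read the system catalogs.

```sql
-- Added example: audit queries for CVE-2022-1552 exposure on PostgreSQL 13.

-- 1. Is the running server at or above the fixed minor release (13.7)?
--    server_version_num encodes 13.7 as 130007. This comparison is only
--    meaningful on the 13.x branch.
SELECT current_setting('server_version') AS server_version,
       current_setting('server_version_num')::int >= 130007 AS has_13_7_fix;

-- 2. Which non-superuser roles may create non-temporary objects, and where?
--    That permission is the attacker precondition named in the CVE text.
--    On PostgreSQL 13 the public schema grants CREATE to PUBLIC by default,
--    so every role appears for "public" unless that grant was revoked.
SELECT n.nspname AS schema_name,
       r.rolname AS role_name
FROM pg_namespace AS n
CROSS JOIN pg_roles AS r
WHERE NOT r.rolsuper
  AND n.nspname !~ '^pg_'
  AND n.nspname <> 'information_schema'
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER BY schema_name, role_name;

-- 3. Indexes ('i') and materialized views ('m') owned by non-superusers.
--    These are the objects a privileged user touches when running REINDEX,
--    CLUSTER, REFRESH MATERIALIZED VIEW or autovacuum on someone else's data.
SELECT n.nspname AS schema_name,
       c.relname AS object_name,
       c.relkind AS kind,
       r.rolname AS owner
FROM pg_class AS c
JOIN pg_namespace AS n ON n.oid = c.relnamespace
JOIN pg_roles AS r ON r.oid = c.relowner
WHERE c.relkind IN ('i', 'm')
  AND NOT r.rolsuper
  AND n.nspname !~ '^pg_'
  AND n.nspname <> 'information_schema'
ORDER BY schema_name, object_name;
```

Run each query per database, since schemas and relations are database-local while roles are cluster-wide.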

Ghada Khalil (gkhalil) wrote :

screening: stx.8.0 / medium - CVE meets the stx fix criteria

information type: Public → Public Security
Changed in starlingx:
status: New → Triaged
importance: Undecided → Medium
tags: added: stx.8.0 stx.security
Changed in starlingx:
assignee: nobody → Yue Tao (wrytao)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/864272

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/864272
Committed: https://opendev.org/starlingx/tools/commit/b18a72a7d8eec8effd1693aca95bf154309ba6a5
Submitter: "Zuul (22348)"
Branch: master

commit b18a72a7d8eec8effd1693aca95bf154309ba6a5
Author: Wentao Zhang <email address hidden>
Date: Wed Nov 9 09:45:10 2022 +0800

    Debian: postgresql:fix CVE-2022-1552

    Upgrade libpq5,postgresql-13,postgresql-client-13 to the
    version that CVE-2022-2509 have been fixed:

    libpq5_13.5-0+deb11u1_amd64.deb to
    libpq5_13.7-0+deb11u1_amd64.deb
    postgresql-13_13.5-0+deb11u1_amd64.deb to
    postgresql-13_13.7-0+deb11u1_amd64.deb
    postgresql-client-13_13.5-0+deb11u1_amd64.deb to
    postgresql-client-13_13.7-0+deb11u1_amd64.deb

    Also align the version of libpq-dev which is the build
    dependencies of libpq5.

    (Refer to https://security-tracker.debian.org/tracker/DSA-5136-1)

    This fix provides the URL of the package in base-bullseye.lst to
    make sure that the binary package can be downloaded no matter how
    the upstream changes.

    Test plan:
    PASS: build-pkgs --clean --all && build-image

    Closes-bug: 1994110
    Signed-off-by: Wentao Zhang<email address hidden>
    Change-Id: I6f592c2f5bbdc07a4810fc386df21cfa0d2fca1a

Changed in starlingx:
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.