[Debian] CVE: CVE-2023-2454/CVE-2023-2455/CVE-2022-2625: postgresql: multiple CVEs

Bug #2020742 reported by Yue Tao
Affects: StarlingX
Status: Fix Released
Importance: High
Assigned to: Unassigned

Bug Description

CVE-2023-2454: https://nvd.nist.gov/vuln/detail/CVE-2023-2454

CVE-2023-2455: https://nvd.nist.gov/vuln/detail/CVE-2023-2455

CVE-2022-2625: https://nvd.nist.gov/vuln/detail/CVE-2022-2625

Base Score: High (refer to https://www.tenable.com/plugins/nessus/175661)

References:

libpq5_13.7-0+deb11u1_amd64.deb ===> libpq5_13.11-0+deb11u1_amd64.deb
libpq-dev_13.7-0+deb11u1_amd64.deb ===> libpq-dev_13.11-0+deb11u1_amd64.deb
postgresql-13_13.7-0+deb11u1_amd64.deb ===> postgresql-13_13.11-0+deb11u1_amd64.deb
postgresql-client-13_13.7-0+deb11u1_amd64.deb ===> postgresql-client-13_13.11-0+deb11u1_amd64.deb

https://www.debian.org/security/2023/dsa-5401
https://security-tracker.debian.org/tracker/CVE-2022-2625

Yue Tao (wrytao)
Changed in starlingx:
importance: Undecided → High
status: New → Triaged
tags: added: stx.9.0 stx.security
Yue Tao (wrytao)
description: updated
summary: - [Debian] CVE: CVE-2023-2454/CVE-2023-2455: postgresql: multiple CVEs
+ [Debian] CVE: CVE-2023-2454/CVE-2023-2455/CVE-2022-2625: postgresql:
+ multiple CVEs
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/884802

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/884802
Committed: https://opendev.org/starlingx/tools/commit/37f56547ef27840b43962ceb263d8e82f6488faf
Submitter: "Zuul (22348)"
Branch: master

commit 37f56547ef27840b43962ceb263d8e82f6488faf
Author: Haiqing Bai <email address hidden>
Date: Wed May 31 10:41:48 2023 +0800

    postgresql: fix CVE-2023-2454/CVE-2023-2455/CVE-2022-2625

    Upgrade libpq5 to 13.11-0+deb11u1
    Upgrade libpq-dev to 13.11-0+deb11u1
    Upgrade postgresql-13 to 13.11-0+deb11u1
    Upgrade postgresql-client-13 to 13.11-0+deb11u1

    Refer to:
    https://security-tracker.debian.org/tracker/CVE-2023-2454
    https://security-tracker.debian.org/tracker/CVE-2023-2455
    https://security-tracker.debian.org/tracker/CVE-2022-2625

    Test Plan:
    Pass: downloader -b
    Pass: build-pkgs --clean
    Pass: build-image
    Pass: Jenkins Installation
    PASS: dpkg -l | grep libpq5
          ii libpq5:amd64 13.11-0+deb11u1
          dpkg -l | grep postgresql
          ii postgresql-13 13.11-0+deb11u1
          ii postgresql-client-13 13.11-0+deb11u1

    Closes-Bug: 2020742

    Change-Id: I54ccdd484867082573ab9e11aa2b5c63fd868bf5
    Signed-off-by: Haiqing Bai <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.