Red Hat Product Errata RHBA-2023:7774 - Bug Fix Advisory
Issued:
2023-12-13
Updated:
2023-12-13

RHBA-2023:7774 - Bug Fix Advisory

Synopsis

updated Red Hat Software Collections for Red Hat Enterprise Linux 7 container images

Type/Severity

Bug Fix Advisory

Topic

Updated Red Hat Software Collections for Red Hat Enterprise Linux 7 container images are now available

Description

The Red Hat Software Collections for Red Hat Enterprise Linux 7 container images have been updated to address the following security advisory: RHSA-2023:7770 (see References)

Users of Red Hat Software Collections for Red Hat Enterprise Linux 7 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The Red Hat Software Collections for Red Hat Enterprise Linux 7 container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le

Fixes

  • BZ - 2228111 - CVE-2023-39417 postgresql: extension script @substitutions@ within quoting allow SQL injection
  • BZ - 2247168 - CVE-2023-5868 postgresql: Memory disclosure in aggregate function calls
  • BZ - 2247169 - CVE-2023-5869 postgresql: Buffer overrun from integer overflow in array modification
  • BZ - 2247170 - CVE-2023-5870 postgresql: Role pg_signal_backend can signal certain superuser processes.

ppc64le

rhscl/postgresql-12-rhel7@sha256:4b23ce0ed7d95fc730a44206b33efd02e201bff8dee89467b6c02a03d023b4ad
rhscl/postgresql-13-rhel7@sha256:ae938483729e735c82a50cec3ec6a2c5b54ae36a2ac6b798475e908d85e1ab4b

s390x

rhscl/postgresql-12-rhel7@sha256:82974ebbdea2e774e9e907c4d2d4edc2d5577399967424ab1446d5b09538a365
rhscl/postgresql-13-rhel7@sha256:5c9b1611cca2452cb811a72215712c3d2305fc4d268641b34c537797045d9ac7

x86_64

rhscl/postgresql-12-rhel7@sha256:6192306587132a29f9c7a60b5b2b3bc7d7c3c90192714a5cc085ffe419cfeef3
rhscl/postgresql-13-rhel7@sha256:70155afb13cb5b12eb75b1d9c9125d84ac2f69d19968c3350f95d6bf02271eaf

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.