RHSA-2023:2378: Moderate: postgresql-jdbc security update
PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.Security Fix(es): postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2023:2378?
The severity of RHSA-2023:2378 is classified as moderate.
How do I fix RHSA-2023:2378?
To fix RHSA-2023:2378, update the postgresql-jdbc package to version 42.2.27-1.el9.
What is the nature of the vulnerability in RHSA-2023:2378?
RHSA-2023:2378 addresses an information leak of prepared statement data due to improper security controls.
Which versions of postgresql-jdbc are affected by RHSA-2023:2378?
Versions of postgresql-jdbc prior to 42.2.27-1.el9 are affected by RHSA-2023:2378.
Is there a workaround for RHSA-2023:2378?
There are no specific workarounds mentioned for RHSA-2023:2378; updating the package is the recommended action.