RHSA-2023:2867: Moderate: postgresql-jdbc security update
PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.Security Fix(es): postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2023:2867?
The severity of RHSA-2023:2867 is classified as moderate.
How do I fix RHSA-2023:2867?
To fix RHSA-2023:2867, upgrade the postgresql-jdbc package to version 42.2.14-2.el8.
What vulnerabilities are addressed in RHSA-2023:2867?
RHSA-2023:2867 addresses an information leak of prepared statement data due to insecure handling.
Which packages are affected by RHSA-2023:2867?
The affected packages include postgresql-jdbc and postgresql-jdbc-javadoc versions below 42.2.14-2.el8.
Is there a workaround for RHSA-2023:2867?
There is no specific workaround for RHSA-2023:2867, and upgrading is recommended.