From 0e5261e912343d5daa91689071b79edde137d58f Mon Sep 17 00:00:00 2001 From: Dj Walker-Morgan Date: Thu, 9 May 2024 18:02:46 +0100 Subject: [PATCH] Snagging fixes for security links Signed-off-by: Dj Walker-Morgan --- advocacy_docs/security/assessments/cve-2024-4317.mdx | 4 ++-- advocacy_docs/security/assessments/index.mdx | 2 +- advocacy_docs/security/index.mdx | 2 +- .../docs/epas/15/epas_rel_notes/epas15_7_0_rel_notes.mdx | 2 +- .../docs/epas/16/epas_rel_notes/epas16_3_0_rel_notes.mdx | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/advocacy_docs/security/assessments/cve-2024-4317.mdx b/advocacy_docs/security/assessments/cve-2024-4317.mdx index d553264aa94..80fb9465a8b 100644 --- a/advocacy_docs/security/assessments/cve-2024-4317.mdx +++ b/advocacy_docs/security/assessments/cve-2024-4317.mdx @@ -1,7 +1,7 @@ --- title: CVE-2024-4317 - Restrict visibility of "pg_stats_ext" and "pg_stats_ext_exprs" entries to the table owner navTitle: CVE-2024-4317 -affectedProducts: TBD +affectedProducts: All versions of PostgreSQL, EPAS and PGE prior to 16.3, 15.7, and 14.12 --- First Published: 2024/05/09 @@ -25,7 +25,7 @@ CVSS Temporal Score: Undefined CVSS Environmental Score: Undefined -CVSS Vector: TBC +CVSS Vector: [AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N&version=3.0) ## Affected products and versions diff --git a/advocacy_docs/security/assessments/index.mdx b/advocacy_docs/security/assessments/index.mdx index 9202d30d36e..230a29edaec 100644 --- a/advocacy_docs/security/assessments/index.mdx +++ b/advocacy_docs/security/assessments/index.mdx @@ -32,7 +32,7 @@ The CVEs listed in this section are from PostgreSQL and other parties who have r   Read Assessment   Updated: 2024/05/09

Restrict visibility of "pg_stats_ext" and "pg_stats_ext_exprs" entries to the table owner

-
TBD
+
All versions of PostgreSQL, EPAS and PGE prior to 16.3, 15.7, and 14.12

Summary:  diff --git a/advocacy_docs/security/index.mdx b/advocacy_docs/security/index.mdx index b198d05e9e7..97b759e447f 100644 --- a/advocacy_docs/security/index.mdx +++ b/advocacy_docs/security/index.mdx @@ -60,7 +60,7 @@ All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 and prior   Read Assessment   Updated: 2024/05/09

Restrict visibility of "pg_stats_ext" and "pg_stats_ext_exprs" entries to the table owner

-
TBD
+
All versions of PostgreSQL, EPAS and PGE prior to 16.3, 15.7, and 14.12

Summary:  diff --git a/product_docs/docs/epas/15/epas_rel_notes/epas15_7_0_rel_notes.mdx b/product_docs/docs/epas/15/epas_rel_notes/epas15_7_0_rel_notes.mdx index e10641507f9..13a411b0f0a 100644 --- a/product_docs/docs/epas/15/epas_rel_notes/epas15_7_0_rel_notes.mdx +++ b/product_docs/docs/epas/15/epas_rel_notes/epas15_7_0_rel_notes.mdx @@ -10,7 +10,7 @@ EDB Postgres Advanced Server 15.7.0 includes the following enhancements and bug | Type | Description | Addresses                | |-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------| | Upstream merge | Merged with community PostgreSQL 15.7. This release includes a fix for [CVE-2024-4317](/security/assessments/cve-2024-4317). See the [PostgreSQL 15.7 Release Notes](https://www.postgresql.org/docs/release/15.7/) for more information. | [CVE-2024-4317](/security/assessments/cve-2024-4317)| -| Security fix | Fixed an issue for `edbldr`. Now `edbldr` checks the `pg_read_server_files` privilege before accessing the data files. | #35906, [CVE-2024-4545](/security/advisories/cve2024545/) | +| Security fix | Fixed an issue for `edbldr`. Now `edbldr` checks the `pg_read_server_files` privilege before accessing the data files. | #35906, [CVE-2024-4545](/security/advisories/cve20244545/) | | Bug fix | Fixed an issue for `edb_filter_log`. Now it correctly redacts the password when the tab is used before the keyword. | #36220 | | Bug fix | Fixed an issue for `edb_audit` on Windows. Now it correctly rotates the log files based on days configured in `edb_audit_rotation_day`. | #99282 | | Bug fix | Fixed an issue to fetch all the attributes correctly from the sublink in `CONNECT BY` processing to avoid the server crash. | #102746 | 
diff --git a/product_docs/docs/epas/16/epas_rel_notes/epas16_3_0_rel_notes.mdx b/product_docs/docs/epas/16/epas_rel_notes/epas16_3_0_rel_notes.mdx index eb6b9caaf4c..df83316226c 100644 --- a/product_docs/docs/epas/16/epas_rel_notes/epas16_3_0_rel_notes.mdx +++ b/product_docs/docs/epas/16/epas_rel_notes/epas16_3_0_rel_notes.mdx @@ -10,7 +10,7 @@ EDB Postgres Advanced Server 16.3.0 includes the following enhancements and bug | Type | Description | Addresses                | |-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------| | Upstream merge | Merged with community PostgreSQL 16.3. This release includes a fix for [CVE-2024-4317](/security/assessments/cve-2024-4317). See the [PostgreSQL 16.3 Release Notes](https://www.postgresql.org/docs/release/16.3/) for more information. | [CVE-2024-4317](/security/assessments/cve-2024-4317) | -| Security fix | Fixed an issue for `edbldr`. Now `edbldr` checks the `pg_read_server_files` privilege before accessing the data files. | #35906, [CVE-2024-4545](/security/advisories/cve2024545/) | +| Security fix | Fixed an issue for `edbldr`. Now `edbldr` checks the `pg_read_server_files` privilege before accessing the data files. | #35906, [CVE-2024-4545](/security/advisories/cve20244545/) | | Bug fix | Fixed an issue for `edb_filter_log`. Now it correctly redacts the password when the tab is used before the keyword. | #36220 | | Bug fix | Fixed an issue for `edb_audit` on Windows. Now it correctly rotates the log files based on days configured in `edb_audit_rotation_day`. | #99282 | | Bug fix | Fixed an issue to fetch all the attributes correctly from the sublink in `CONNECT BY` processing to avoid the server crash. | #102746 |
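Review bot: the new affectedProducts value in cve-2024-4317.mdx, "All versions of PostgreSQL, EPAS and PGE prior to 16.3, 15.7, and 14.12", does not tie each minor release to its major branch, so it can be read as covering everything older than 16.3 or only what is older than 14.12, and it leaves major versions below 14 unaddressed. If the intent is per branch, say so, for example "16.x prior to 16.3, 15.x prior to 15.7, and 14.x prior to 14.12", and state whether older major versions are affected or out of scope. The identical sentence is also pasted into assessments/index.mdx and security/index.mdx in this patch, so any rewording has to land in all three files; a single source for this string would stop the copies drifting apart.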
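Review bot: the CVSS Vector line added in the second hunk of cve-2024-4317.mdx prints the vector without a version prefix, while the calculator URL it links to is pinned with version=3.0. Suggest making the link text "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" so the scoring version is visible without following the link. The base score line sits outside this hunk's context, so check it against the vector: under the v3 formula this vector evaluates to 3.1 (Low).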
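Review bot: in the epas15_7_0 and epas16_3_0 release notes hunks, the corrected link target /security/advisories/cve20244545/ is an unhyphenated slug, unlike /security/assessments/cve-2024-4317 in the row directly above it, which is the kind of path where a dropped digit (cve2024545) is easy to miss. Nothing in this diff shows the advisory page at the new path, so confirm it resolves in a docs build before merging. Because the same broken row was present in both files, search the rest of the tree for the old cve2024545 target in case it was copied into other release notes or index pages.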