Red Hat Security Advisory: postgresql security update
Multiple security vulnerabilities have been identified in PostgreSQL as used in Red Hat Enterprise Linux 9. These include issues where SET ROLE and SET SESSION AUTHORIZATION reset to the wrong user ID (CVE-2024-10978), PL/Perl environment variable changes can lead to arbitrary code execution (CVE-2024-10979), and row security mechanisms such as subqueries disregard user ID changes (CVE-2024-10976). Red Hat has issued an important security advisory with updates addressing these vulnerabilities. The advisory covers various Red Hat Enterprise Linux 9 variants and related packages.
AI Analysis
Technical Summary
Red Hat Product Security issued an advisory (RHSA-2024:10791) for PostgreSQL vulnerabilities affecting Red Hat Enterprise Linux 9. The vulnerabilities include: CVE-2024-10978, where SET ROLE and SET SESSION AUTHORIZATION commands reset to the wrong user ID; CVE-2024-10979, where PL/Perl environment variable changes can lead to arbitrary code execution; and CVE-2024-10976, where PostgreSQL row security policies disregard user ID changes in subqueries. These issues could impact database security by allowing privilege mismanagement and code execution. The advisory provides updated PostgreSQL packages to address these vulnerabilities.
Potential Impact
The vulnerabilities could allow unauthorized privilege escalation due to incorrect user ID resets, arbitrary code execution through PL/Perl environment variable manipulation, and bypassing of row security policies due to disregarded user ID changes in subqueries. This could compromise database integrity, confidentiality, and availability if exploited.
Mitigation Recommendations
Red Hat has released updated PostgreSQL packages for Red Hat Enterprise Linux 9 to address these vulnerabilities. Users should apply these official updates promptly. For detailed update instructions, refer to Red Hat's advisory and article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated beyond applying the provided patches.
Red Hat Security Advisory: postgresql security update
Description
Multiple security vulnerabilities have been identified in PostgreSQL as used in Red Hat Enterprise Linux 9. These include issues where SET ROLE and SET SESSION AUTHORIZATION reset to the wrong user ID (CVE-2024-10978), PL/Perl environment variable changes can lead to arbitrary code execution (CVE-2024-10979), and row security mechanisms such as subqueries disregard user ID changes (CVE-2024-10976). Red Hat has issued an important security advisory with updates addressing these vulnerabilities. The advisory covers various Red Hat Enterprise Linux 9 variants and related packages.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Red Hat Product Security issued an advisory (RHSA-2024:10791) for PostgreSQL vulnerabilities affecting Red Hat Enterprise Linux 9. The vulnerabilities include: CVE-2024-10978, where SET ROLE and SET SESSION AUTHORIZATION commands reset to the wrong user ID; CVE-2024-10979, where PL/Perl environment variable changes can lead to arbitrary code execution; and CVE-2024-10976, where PostgreSQL row security policies disregard user ID changes in subqueries. These issues could impact database security by allowing privilege mismanagement and code execution. The advisory provides updated PostgreSQL packages to address these vulnerabilities.
Potential Impact
The vulnerabilities could allow unauthorized privilege escalation due to incorrect user ID resets, arbitrary code execution through PL/Perl environment variable manipulation, and bypassing of row security policies due to disregarded user ID changes in subqueries. This could compromise database integrity, confidentiality, and availability if exploited.
Mitigation Recommendations
Red Hat has released updated PostgreSQL packages for Red Hat Enterprise Linux 9 to address these vulnerabilities. Users should apply these official updates promptly. For detailed update instructions, refer to Red Hat's advisory and article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated beyond applying the provided patches.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:10791
- Cve Count
- 3
- Additional Cves
- ["CVE-2024-10978","CVE-2024-10979"]
- Cvss Version
- null
Threat ID: 6a3da2004853345fc1836ccb
Added to database: 06/25/2026, 21:47:44 UTC
Last enriched: 06/25/2026, 22:55:10 UTC
Last updated: 06/25/2026, 23:00:54 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.