https://community.esri.com/t5/arcgis-monitor-questions/cve-2024-0985-postgresql-security-bypass/m-p/1414534#M1876 <P><a href="https://community.esri.com/t5/user/viewprofilepage/user-id/441768">@KikSiops</a>&nbsp;<BR /><BR />If it is a PostgreSQL vulnerability, then install the latest PostgreSQL update.<BR /><BR /><A href="https://www.postgresql.org/support/security/CVE-2024-0985/" target="_blank">PostgreSQL: CVE-2024-0985: PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL</A></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MarceloMarques_0-1713931558482.png" style="width: 999px;"><img src="https://community.esri.com/t5/image/serverpage/image-id/101944iBC375E665EF29B3D/image-size/large?v=v2&amp;px=999" role="button" title="MarceloMarques_0-1713931558482.png" alt="MarceloMarques_0-1713931558482.png" /></span></P><P>I explain how to patch PostgreSQL in the white papers below.</P><PRE><SPAN class=""><A title="How to Upgrade the PostgreSQL and PostGIS version for the Enterprise Geodatabase on Windows" href="https://esriis-my.sharepoint.com/:b:/g/personal/marc3932_esri_com/EUF5y-AqHuNImi0cOzsYhSgBGzlLh3a2kbjB0IQpU2DTYA?e=6xjkkO" target="_blank" rel="noopener nofollow noreferrer">How to Upgrade the PostgreSQL and PostGIS version for the Enterprise Geodatabase on Windows</A><BR /><A title="How to Upgrade the PostgreSQL and PostGIS version for the Enterprise Geodatabase on Linux" href="https://esriis-my.sharepoint.com/:b:/g/personal/marc3932_esri_com/EWYwGFllF59Hvayum2ejuWIBYRO-rRYq0ZPFQuWt1DIiYg?e=QBoPXW" target="_blank" rel="noopener nofollow noreferrer">How to Upgrade the PostgreSQL and PostGIS version for the Enterprise Geodatabase on Linux</A></SPAN></PRE><P>&nbsp;I hope this clarifies.</P> Wed, 24 Apr 2024 04:06:39 GMT MarceloMarques 2024-04-24T04:06:39Z https://community.esri.com/t5/arcgis-monitor-questions/cve-2024-0985-postgresql-security-bypass/m-p/1414522#M1875 <P>Hi ,</P><P>A vulnerability has been identified in PostgreSQL for which I have been identified as the owner. Can someone assist us to please determine if this system is vulnerable and complete remediation?</P><P>Vulnerability Name:CVE-2024-0985 - PostgreSQL security bypass vulnerability</P><P>We would like to ask for assistance on how to remediate this?</P><P>Affected servers are our ArcGIS Monitors.</P><P>&nbsp;</P><P>Thanks in advanced&nbsp;<span class="lia-unicode-emoji" title=":smiling_face_with_smiling_eyes:">😊</span></P> Wed, 24 Apr 2024 03:14:03 GMT https://community.esri.com/t5/arcgis-monitor-questions/cve-2024-0985-postgresql-security-bypass/m-p/1414522#M1875 KikSiops 2024-04-24T03:14:03Z https://community.esri.com/t5/arcgis-monitor-questions/cve-2024-0985-postgresql-security-bypass/m-p/1414534#M1876 <P><a href="https://community.esri.com/t5/user/viewprofilepage/user-id/441768">@KikSiops</a>&nbsp;<BR /><BR />If it is a PostgreSQL vulnerability, then install the latest PostgreSQL update.<BR /><BR /><A href="https://www.postgresql.org/support/security/CVE-2024-0985/" target="_blank">PostgreSQL: CVE-2024-0985: PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL</A></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MarceloMarques_0-1713931558482.png" style="width: 999px;"><img src="https://community.esri.com/t5/image/serverpage/image-id/101944iBC375E665EF29B3D/image-size/large?v=v2&amp;px=999" role="button" title="MarceloMarques_0-1713931558482.png" alt="MarceloMarques_0-1713931558482.png" /></span></P><P>I explain how to patch PostgreSQL in the white papers below.</P><PRE><SPAN class=""><A title="How to Upgrade the PostgreSQL and PostGIS version for the Enterprise Geodatabase on Windows" href="https://esriis-my.sharepoint.com/:b:/g/personal/marc3932_esri_com/EUF5y-AqHuNImi0cOzsYhSgBGzlLh3a2kbjB0IQpU2DTYA?e=6xjkkO" target="_blank" rel="noopener nofollow noreferrer">How to Upgrade the PostgreSQL and PostGIS version for the Enterprise Geodatabase on Windows</A><BR /><A title="How to Upgrade the PostgreSQL and PostGIS version for the Enterprise Geodatabase on Linux" href="https://esriis-my.sharepoint.com/:b:/g/personal/marc3932_esri_com/EWYwGFllF59Hvayum2ejuWIBYRO-rRYq0ZPFQuWt1DIiYg?e=QBoPXW" target="_blank" rel="noopener nofollow noreferrer">How to Upgrade the PostgreSQL and PostGIS version for the Enterprise Geodatabase on Linux</A></SPAN></PRE><P>&nbsp;I hope this clarifies.</P> Wed, 24 Apr 2024 04:06:39 GMT https://community.esri.com/t5/arcgis-monitor-questions/cve-2024-0985-postgresql-security-bypass/m-p/1414534#M1876 MarceloMarques 2024-04-24T04:06:39Z https://community.esri.com/t5/arcgis-monitor-questions/cve-2024-0985-postgresql-security-bypass/m-p/1415500#M1885 <P>Hi&nbsp;<a href="https://community.esri.com/t5/user/viewprofilepage/user-id/441768">@KikSiops</a>,<BR /><BR />In future, I would ask that you please contact Esri Tech Support directly with possible security&nbsp;vulnerability questions. It is company policy to address these concerns directly with customers to ensure correct and accurate information is communicated.&nbsp;Other reasons: to avoid potential false alarms and to avoid advertising/promoting a potential security issue.&nbsp;<BR /><BR />A good resource to be aware of the the ArcGIS Trust Site:&nbsp;<A href="https://trust.arcgis.com/en/" target="_blank">https://trust.arcgis.com/en/</A><BR /><BR />Hope this helps,</P> Thu, 25 Apr 2024 19:05:05 GMT https://community.esri.com/t5/arcgis-monitor-questions/cve-2024-0985-postgresql-security-bypass/m-p/1415500#M1885 DerekLaw 2024-04-25T19:05:05Z