CVE-2024-0985 - PostgreSQL security bypass vulnerability

342
2
a month ago
KikSiops
New Contributor III

Hi ,

A vulnerability has been identified in PostgreSQL for which I have been identified as the owner. Can someone assist us to please determine if this system is vulnerable and complete remediation?

Vulnerability Name:CVE-2024-0985 - PostgreSQL security bypass vulnerability

We would like to ask for assistance on how to remediate this?

Affected servers are our ArcGIS Monitors.

 

Thanks in advanced 😊

0 Kudos
2 Replies
MarceloMarques
Esri Regular Contributor

@KikSiops 

If it is a PostgreSQL vulnerability, then install the latest PostgreSQL update.

PostgreSQL: CVE-2024-0985: PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbi...

MarceloMarques_0-1713931558482.png

I explain how to patch PostgreSQL in the white papers below.

How to Upgrade the PostgreSQL and PostGIS version for the Enterprise Geodatabase on Windows
How to Upgrade the PostgreSQL and PostGIS version for the Enterprise Geodatabase on Linux

 I hope this clarifies.

| Marcelo Marques | Principal Product Engineer | Esri |
| Cloud & Database Administrator | OCP - Oracle Certified Professional |
I work with Enterprise Geodatabases since 1997.
“ I do not fear computers. I fear the lack of them." Isaac Isimov
DerekLaw
Esri Esteemed Contributor

Hi @KikSiops,

In future, I would ask that you please contact Esri Tech Support directly with possible security vulnerability questions. It is company policy to address these concerns directly with customers to ensure correct and accurate information is communicated. Other reasons: to avoid potential false alarms and to avoid advertising/promoting a potential security issue. 

A good resource to be aware of the the ArcGIS Trust Site: https://trust.arcgis.com/en/

Hope this helps,

0 Kudos