CVE-2024-0985 - PostgreSQL security bypass vulnerability

2 weeks ago
KikSiops
New Contributor III

Hi,

A vulnerability has been identified in PostgreSQL for which I have been identified as the owner. Can someone assist us to please determine if this system is vulnerable and complete remediation?

Vulnerability Name: CVE-2024-0985 - PostgreSQL security bypass vulnerability

We would like to ask for assistance on how to remediate this?

Affected servers are our ArcGIS Monitors.

Thanks in advance 😊

2 Replies
MarceloMarques
Esri Regular Contributor

@KikSiops 

If it is a PostgreSQL vulnerability, then install the latest PostgreSQL update.

PostgreSQL: CVE-2024-0985: PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbi...


I explain how to patch PostgreSQL in the white papers below.

How to Upgrade the PostgreSQL and PostGIS version for the Enterprise Geodatabase on Windows
How to Upgrade the PostgreSQL and PostGIS version for the Enterprise Geodatabase on Linux

I hope this clarifies.

| Marcelo Marques | Principal Product Engineer | Esri |
| Cloud & Database Administrator | OCP - Oracle Certified Professional |
I have worked with Enterprise Geodatabases since 1997.
“I do not fear computers. I fear the lack of them.” Isaac Asimov
DerekLaw
Esri Esteemed Contributor

Hi @KikSiops,

In future, I would ask that you please contact Esri Tech Support directly with possible security vulnerability questions. It is company policy to address these concerns directly with customers to ensure correct and accurate information is communicated. Other reasons: to avoid potential false alarms and to avoid advertising/promoting a potential security issue. 

A good resource to be aware of is the ArcGIS Trust Site: https://trust.arcgis.com/en/

Hope this helps,
