Are PostgreSQL security patches necessary in RDS?

0

My security team reached out to me about CVE-2024-10979 - a high-severity security flaw in the PostgreSQL database system.

Are Amazon RDS and Amazon Aurora at risk for this exploitation? If so, how do we apply the fix?

2 Answers
3
Accepted Answer

Hello.

It should have been fixed in the minor version mentioned in the documentation below, so I think RDS PostgreSQL also needs to be updated to that minor version.
https://www.postgresql.org/support/security/CVE-2024-10979/

For example, if you are using the 16 series version of RDS PostgreSQL, you will need to update to 16.5.
https://docs.aws.amazon.com/AmazonRDS/latest/PostgreSQLReleaseNotes/postgresql-release-calendar.html

You can change the database engine version by following the steps in the document below.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html

EXPERT
answered 18 days ago
EXPERT
reviewed 18 days ago
1

Yes, Amazon RDS and Amazon Aurora for PostgreSQL can be at risk for CVE-2024-10979 if they are running an affected version of PostgreSQL.

To apply the fix:

  1. Check your PostgreSQL version in RDS or Aurora.
  2. Update to the patched version. You can enable auto minor version upgrades or manually update through the RDS console.
  3. Verify the update to ensure the fix is applied.

Always make sure to back up your database before performing any updates.

answered 18 days ago
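
The check and verify steps from the answers above, as an added example (not code from either answer or from AWS): it classifies instances from the JSON that `aws rds describe-db-instances` returns against the fixed minor version. Assumptions: only the 16-series threshold (16.5) comes from this page, other series must be filled in from the PostgreSQL advisory, Aurora is compared by the same version number, and the instance names and versions in the sample are constructed.

```python
import json
import re

# Fixed minor per major series. Only 16.5 is stated on this page; add the
# other series from the PostgreSQL advisory before relying on the result.
FIXED_MINOR = {16: 5}
PG_ENGINES = {"postgres", "aurora-postgresql"}

# Constructed sample shaped like `aws rds describe-db-instances` output.
SAMPLE = """{"DBInstances": [
 {"DBInstanceIdentifier": "orders-db", "Engine": "postgres", "EngineVersion": "16.4", "AutoMinorVersionUpgrade": false},
 {"DBInstanceIdentifier": "reports-db", "Engine": "postgres", "EngineVersion": "16.5", "AutoMinorVersionUpgrade": true},
 {"DBInstanceIdentifier": "ledger-db", "Engine": "postgres", "EngineVersion": "16.3-rds.20240101", "AutoMinorVersionUpgrade": true},
 {"DBInstanceIdentifier": "legacy-db", "Engine": "aurora-postgresql", "EngineVersion": "13.15", "AutoMinorVersionUpgrade": false},
 {"DBInstanceIdentifier": "shop-db", "Engine": "mysql", "EngineVersion": "8.0.35", "AutoMinorVersionUpgrade": true}
]}"""

def parse_version(engine_version):
    """Return (major, minor), ignoring any suffix after the minor number."""
    m = re.match(r"(\d+)\.(\d+)", engine_version)
    if not m:
        raise ValueError(f"unrecognised engine version: {engine_version!r}")
    return int(m.group(1)), int(m.group(2))

def audit(describe_output, fixed_minor=FIXED_MINOR):
    """Return (id, version, status, auto_minor_upgrade) per PostgreSQL instance."""
    findings = []
    for inst in describe_output.get("DBInstances", []):
        if inst.get("Engine") not in PG_ENGINES:
            continue  # other engines are out of scope for this CVE
        major, minor = parse_version(inst["EngineVersion"])
        if major not in fixed_minor:
            status = "unknown-series"  # no threshold configured: check the advisory
        elif minor >= fixed_minor[major]:
            status = "patched"
        else:
            status = "needs-upgrade"
        findings.append((inst["DBInstanceIdentifier"], inst["EngineVersion"],
                         status, inst.get("AutoMinorVersionUpgrade", False)))
    return findings

if __name__ == "__main__":
    for name, version, status, auto in audit(json.loads(SAMPLE)):
        print(f"{name:12} {version:20} {status:15} auto-minor-upgrade={auto}")
```

Run it again after the upgrade to confirm every instance reports `patched`; an instance with auto minor version upgrade enabled can still show `needs-upgrade` until the upgrade has actually been applied.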
