1.5 Ensure the Latest Security Patches are Applied

Information

PostgreSQL updates are released quarterly (or sooner for severe CVEs) to resolve bugs and mitigate vulnerabilities. It is recommended that PostgreSQL installations are kept up to date with the latest security updates. The PostgreSQL development group guarantees that point releases (or 'minor releases') will not change the behavior of an existing install, so they are 'safe' to install without fear of changes to your application's behavior.

Rationale:

Maintaining parity with PostgreSQL patches will help reduce the risk associated with known vulnerabilities present in the PostgreSQL server.

Without the latest security patches, PostgreSQL might have known vulnerabilities which could be used by an attacker to gain access.

Impact:

Updating the PostgreSQL server requires a restart, which will cause a momentary service outage.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Install the latest patches available for your version:

RHEL:

sudo dnf update $(rpm -qa | grep '^postgresql')

Debian:

sudo apt-get install --only-upgrade $(dpkg-query -W -f '${db:Status-Status} ${Package}\n' 'postgresql*' | awk '$1 != "not-installed" {print $NF}')
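Before applying the commands above, an auditor usually wants to know how far behind a server is. The following added example (not part of the benchmark or of Nessus) parses the output of `SHOW server_version` / `SHOW server_version_num`, handling both the 10+ `MAJOR.MINOR` scheme and the older `9.x.MINOR` scheme, and compares the point release against a table of latest minor releases; the `LATEST_MINOR` numbers are constructed placeholders, not a live feed.

```python
"""Flag PostgreSQL servers whose minor (point) release is behind the latest
known release for their major line. Added example; LATEST_MINOR is placeholder
data that must be refreshed from the PostgreSQL release notes before use."""
import re
from typing import Optional, Tuple

# Constructed placeholder values, NOT current release numbers.
LATEST_MINOR = {"9.6": 24, "14": 11, "15": 6, "16": 2}

# Leading "A.B" with an optional ".C"; rejects "17beta1"-style builds.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?!\w)")


def parse_version(server_version: str) -> Optional[Tuple[str, int]]:
    """Parse `SHOW server_version` text into (major_line, minor).

    PostgreSQL 10+ reports "16.2"; 9.x and earlier reported "9.6.24" where
    "9.6" is the major line. Packager suffixes such as
    "(Debian 16.2-1.pgdg120+2)" are ignored; beta/devel builds return None.
    """
    m = _VERSION_RE.match(server_version.strip())
    if not m:
        return None
    a, b, c = m.groups()
    if int(a) >= 10:
        return a, int(b)
    if c is None:  # "9.6" alone carries no point-release number
        return None
    return f"{a}.{b}", int(c)


def parse_version_num(server_version_num: int) -> Tuple[str, int]:
    """Parse the integer `SHOW server_version_num` (160002 -> 16.2, 90624 -> 9.6.24)."""
    if server_version_num >= 100000:
        return str(server_version_num // 10000), server_version_num % 10000
    major = f"{server_version_num // 10000}.{(server_version_num // 100) % 100}"
    return major, server_version_num % 100


def patch_status(major: str, minor: int) -> str:
    """Return 'current', 'outdated' or 'unknown-major' for one server."""
    latest = LATEST_MINOR.get(major)
    if latest is None:
        return "unknown-major"
    return "current" if minor >= latest else "outdated"


if __name__ == "__main__":
    # Constructed sample strings; in practice feed psql -Atc "SHOW server_version".
    for raw in ["16.2 (Debian 16.2-1.pgdg120+2)", "15.3", "9.6.20", "17beta1"]:
        parsed = parse_version(raw)
        print(raw, "->", parsed and patch_status(*parsed))
```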

See Also

https://workbench.cisecurity.org/benchmarks/17003

Item Details

Category: SYSTEM AND SERVICES ACQUISITION

References: 800-53|SA-22

Plugin: PostgreSQLDB

Control ID: 9c50a2f5792b5da7809d21b47265966d8d9fe58778354207aee0f41533821566