Amazon Redshift Driver Security Update Advisory

Overview

We have released a security update to address a vulnerability in the Amazon Redshift Driver. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2024-12744

  • Amazon Redshift JDBC Driver version: 2.1.0.31

CVE-2024-12745

  • Amazon Redshift Python Connector version: 2.1.4

CVE-2024-12746

  • Amazon Redshift ODBC Driver version: 2.1.5.0

Resolved Vulnerabilities

SQL injection vulnerability when using the getSchemas, getTables, or getColumns Metadata APIs (CVE-2024-12744, CVE-2024-12745)

SQL injection vulnerability when using the SQLTables or SQLColumns Metadata API (CVE-2024-12746)

Vulnerability Patches

Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced site to update to the patched version.

CVE-2024-12744

  • Amazon Redshift JDBC Driver version: 2.1.0.32

CVE-2024-12745

  • Amazon Redshift Python Connector version: 2.1.5

CVE-2024-12746

  • Amazon Redshift ODBC Driver version: 2.1.6.0

References

[1] Issue with RedShift JDBC Driver, Python Connector and ODBC Driver – (CVE-2024-12744, CVE-2024-12745, CVE-2024-12746)
https://aws.amazon.com/ko/security/security-bulletins/AWS-2024-015/