Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:2265-1

Опубликовано: 18 авг. 2020
Источник: suse-cvrf

Описание

Security update for postgresql12

This update for postgresql12 fixes the following issues:

  • update to 12.4:

Список пакетов

Container suse/postgres:10
libpq5-12.4-8.6.1
Container suse/postgres:12
libpq5-12.4-8.6.1
postgresql12-12.4-8.6.1
postgresql12-server-12.4-8.6.1
Container suse/postgres:13
libpq5-12.4-8.6.1
Container suse/postgres:14
libpq5-12.4-8.6.1
Container suse/postgres:15
libpq5-12.4-8.6.1
Container suse/postgres:latest
libpq5-12.4-8.6.1
Container trento/trento-db:latest
libpq5-12.4-8.6.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
libpq5-12.4-8.6.1
postgresql12-12.4-8.6.1
postgresql12-contrib-12.4-8.6.1
postgresql12-server-12.4-8.6.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
libpq5-12.4-8.6.1
postgresql12-12.4-8.6.1
postgresql12-contrib-12.4-8.6.1
postgresql12-server-12.4-8.6.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
libpq5-12.4-8.6.1
postgresql12-12.4-8.6.1
postgresql12-contrib-12.4-8.6.1
postgresql12-server-12.4-8.6.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
libpq5-12.4-8.6.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
libpq5-12.4-8.6.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
libpq5-12.4-8.6.1
Image SLES15-SP4-Manager-Server-4-3
libpq5-12.4-8.6.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
libpq5-12.4-8.6.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
libpq5-12.4-8.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
libpq5-12.4-8.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
libpq5-12.4-8.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
libpq5-12.4-8.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
libpq5-12.4-8.6.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
libpq5-12.4-8.6.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
libpq5-12.4-8.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
libpq5-12.4-8.6.1
libpq5-32bit-12.4-8.6.1
postgresql12-12.4-8.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP2
libecpg6-12.4-8.6.1
postgresql12-contrib-12.4-8.6.1
postgresql12-devel-12.4-8.6.1
postgresql12-docs-12.4-8.6.1
postgresql12-plperl-12.4-8.6.1
postgresql12-plpython-12.4-8.6.1
postgresql12-pltcl-12.4-8.6.1
postgresql12-server-12.4-8.6.1
postgresql12-server-devel-12.4-8.6.1

Ссылки

Описание

It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.

Затронутые продукты
Container suse/postgres:10:libpq5-12.4-8.6.1
Container suse/postgres:12:libpq5-12.4-8.6.1
Container suse/postgres:12:postgresql12-12.4-8.6.1
Container suse/postgres:12:postgresql12-server-12.4-8.6.1
Ссылки

Описание

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.

Затронутые продукты
Container suse/postgres:10:libpq5-12.4-8.6.1
Container suse/postgres:12:libpq5-12.4-8.6.1
Container suse/postgres:12:postgresql12-12.4-8.6.1
Container suse/postgres:12:postgresql12-server-12.4-8.6.1
Ссылки
Уязвимость SUSE-SU-2020:2265-1