Описание
Security update for postgresql12
This update for postgresql12 fixes the following issues:
- update to 12.4:
- CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers
- CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure.
- https://www.postgresql.org/docs/12/release-12-4.html
Список пакетов
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server
SUSE Linux Enterprise Module for Basesystem 15 SP1
SUSE Linux Enterprise Module for Server Applications 15 SP1
Ссылки
- Link for SUSE-SU-2020:2271-1
- E-Mail link for SUSE-SU-2020:2271-1
- SUSE Security Ratings
- SUSE Bug 1175193
- SUSE Bug 1175194
- SUSE CVE CVE-2020-14349 page
- SUSE CVE CVE-2020-14350 page
Описание
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.
Затронутые продукты
Ссылки
- CVE-2020-14349
- SUSE Bug 1175193
- SUSE Bug 1176151
- SUSE Bug 1179499
- SUSE Bug 1179870
Описание
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
Затронутые продукты
Ссылки
- CVE-2020-14350
- SUSE Bug 1175194
- SUSE Bug 1176151
- SUSE Bug 1179115
- SUSE Bug 1179499
- SUSE Bug 1179870