Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:0543-1

Опубликовано: 22 фев. 2021
Источник: suse-cvrf

Описание

Security update for postgresql13

This update for postgresql13 fixes the following issues:

Upgrade to version 13.2:

  • Updating stored views and reindexing might be needed after applying this update.
  • CVE-2021-3393, bsc#1182040: Fix information leakage in constraint-violation error messages.
  • CVE-2021-20229, bsc#1182039: Fix failure to check per-column SELECT privileges in some join queries.

Список пакетов

Container suse/postgres:10
libpq5-13.2-5.6.1
Container suse/postgres:12
libpq5-13.2-5.6.1
Container suse/postgres:13
libpq5-13.2-5.6.1
postgresql13-13.2-5.6.1
postgresql13-server-13.2-5.6.1
Container suse/postgres:14
libpq5-13.2-5.6.1
Container suse/postgres:15
libpq5-13.2-5.6.1
Container suse/postgres:latest
libpq5-13.2-5.6.1
Container trento/trento-db:latest
libpq5-13.2-5.6.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
libpq5-13.2-5.6.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
libpq5-13.2-5.6.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
libpq5-13.2-5.6.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
libpq5-13.2-5.6.1
postgresql13-13.2-5.6.1
postgresql13-contrib-13.2-5.6.1
postgresql13-server-13.2-5.6.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
libpq5-13.2-5.6.1
postgresql13-13.2-5.6.1
postgresql13-contrib-13.2-5.6.1
postgresql13-server-13.2-5.6.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
libpq5-13.2-5.6.1
postgresql13-13.2-5.6.1
postgresql13-contrib-13.2-5.6.1
postgresql13-server-13.2-5.6.1
Image SLES15-SP4-Manager-Server-4-3
libpq5-13.2-5.6.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
libpq5-13.2-5.6.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
libpq5-13.2-5.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
libpq5-13.2-5.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
libpq5-13.2-5.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
libpq5-13.2-5.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
libpq5-13.2-5.6.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
libpq5-13.2-5.6.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
libpq5-13.2-5.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
libpq5-13.2-5.6.1
libpq5-32bit-13.2-5.6.1
postgresql13-13.2-5.6.1
SUSE Linux Enterprise Module for Package Hub 15 SP2
postgresql13-test-13.2-5.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP2
libecpg6-13.2-5.6.1
postgresql13-contrib-13.2-5.6.1
postgresql13-devel-13.2-5.6.1
postgresql13-docs-13.2-5.6.1
postgresql13-plperl-13.2-5.6.1
postgresql13-plpython-13.2-5.6.1
postgresql13-pltcl-13.2-5.6.1
postgresql13-server-13.2-5.6.1
postgresql13-server-devel-13.2-5.6.1

Ссылки

Описание

A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.

Затронутые продукты
Container suse/postgres:10:libpq5-13.2-5.6.1
Container suse/postgres:12:libpq5-13.2-5.6.1
Container suse/postgres:13:libpq5-13.2-5.6.1
Container suse/postgres:13:postgresql13-13.2-5.6.1
Ссылки

Описание

An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.

Затронутые продукты
Container suse/postgres:10:libpq5-13.2-5.6.1
Container suse/postgres:12:libpq5-13.2-5.6.1
Container suse/postgres:13:libpq5-13.2-5.6.1
Container suse/postgres:13:postgresql13-13.2-5.6.1
Ссылки
Уязвимость SUSE-SU-2021:0543-1