Description
Security update for postgresql13
This update for postgresql13 fixes the following issues:
Upgrade to version 13.2:
- Updating stored views and reindexing might be needed after applying this update.
- CVE-2021-3393, bsc#1182040: Fix information leakage in constraint-violation error messages.
- CVE-2021-20229, bsc#1182039: Fix failure to check per-column SELECT privileges in some join queries.
Package list
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
References
- Link for SUSE-SU-2021:0545-1
- E-Mail link for SUSE-SU-2021:0545-1
- SUSE Security Ratings
- SUSE Bug 1182039
- SUSE Bug 1182040
- SUSE CVE CVE-2021-20229 page
- SUSE CVE CVE-2021-3393 page
Description
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.
Affected products
References
- CVE-2021-20229
- SUSE Bug 1182039
Description
An information leak was discovered in PostgreSQL in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
Affected products
References
- CVE-2021-3393
- SUSE Bug 1182040