SUSE-SU-2022:2655-1

Published: 03 Aug 2022
Source: suse-cvrf

Description

Security update for postgresql-jdbc

This update for postgresql-jdbc fixes the following issues:

  • CVE-2022-26520: Fixed arbitrary File Write Vulnerability (bsc#1197356)

Package list

Container suse/manager/5.0/x86_64/server-attestation:latest
postgresql-jdbc-42.2.25-150400.3.3.2
Container suse/manager/5.0/x86_64/server:latest
postgresql-jdbc-42.2.25-150400.3.3.2
Image SLES15-SP4-Manager-Server-4-3
postgresql-jdbc-42.2.25-150400.3.3.2
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
postgresql-jdbc-42.2.25-150400.3.3.2
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
postgresql-jdbc-42.2.25-150400.3.3.2
Image SLES15-SP4-Manager-Server-4-3-BYOS
postgresql-jdbc-42.2.25-150400.3.3.2
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
postgresql-jdbc-42.2.25-150400.3.3.2
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
postgresql-jdbc-42.2.25-150400.3.3.2
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
postgresql-jdbc-42.2.25-150400.3.3.2
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
postgresql-jdbc-42.2.25-150400.3.3.2
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
postgresql-jdbc-42.2.25-150400.3.3.2
Image server-attestation-image
postgresql-jdbc-42.2.25-150400.3.3.2
Image server-image
postgresql-jdbc-42.2.25-150400.3.3.2
SUSE Linux Enterprise Module for Server Applications 15 SP4
postgresql-jdbc-42.2.25-150400.3.3.2
openSUSE Leap 15.4
postgresql-jdbc-42.2.25-150400.3.3.2
postgresql-jdbc-javadoc-42.2.25-150400.3.3.2

Description

** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties.


Affected products
Container suse/manager/5.0/x86_64/server-attestation:latest:postgresql-jdbc-42.2.25-150400.3.3.2
Container suse/manager/5.0/x86_64/server:latest:postgresql-jdbc-42.2.25-150400.3.3.2
Image SLES15-SP4-Manager-Server-4-3-Azure-llc:postgresql-jdbc-42.2.25-150400.3.3.2
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:postgresql-jdbc-42.2.25-150400.3.3.2

References