Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:2989-2

Опубликовано: 26 сент. 2022
Источник: suse-cvrf

Описание

Security update for postgresql14

This update for postgresql14 fixes the following issues:

  • Upgrade to version 14.5:

  • CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).

  • Upgrade to version 14.4 (bsc#1200437)

  • Release notes: https://www.postgresql.org/docs/release/14.4/

  • Release announcement: https://www.postgresql.org/about/news/p-2470/

  • Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437)

  • Pin to llvm13 until the next patchlevel update (bsc#1198166)

Список пакетов

Container suse/postgres:12
libpq5-14.5-150200.5.17.1
Container suse/postgres:13
libpq5-14.5-150200.5.17.1
Container suse/postgres:14
libpq5-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
Container suse/postgres:15
libpq5-14.5-150200.5.17.1
Container suse/postgres:latest
libpq5-14.5-150200.5.17.1
Container trento/trento-db:latest
libpq5-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
libpq5-14.5-150200.5.17.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
libpq5-14.5-150200.5.17.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
libpq5-14.5-150200.5.17.1
Image SLES15-SP4-Manager-Server-4-3
libpq5-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
libpq5-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
libpq5-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
libpq5-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
libpq5-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
libpq5-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
libpq5-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
libpq5-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
libpq5-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
SUSE Linux Enterprise Module for Package Hub 15 SP4
postgresql14-llvmjit-14.5-150200.5.17.1
postgresql14-test-14.5-150200.5.17.1

Ссылки

Описание

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.

Затронутые продукты
Container suse/postgres:12:libpq5-14.5-150200.5.17.1
Container suse/postgres:13:libpq5-14.5-150200.5.17.1
Container suse/postgres:14:libpq5-14.5-150200.5.17.1
Container suse/postgres:14:postgresql14-14.5-150200.5.17.1
Ссылки