Description
Security update for postgresql15
This update for postgresql15 fixes the following issues:
- Update to 15.4
- CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059)
- CVE-2023-39418: Fix MERGE to enforce row security. (bsc#1214061)
Package list
Container suse/postgres:14
libpq5-15.4-150200.5.12.1
Container suse/postgres:15
libpq5-15.4-150200.5.12.1
postgresql15-15.4-150200.5.12.1
postgresql15-server-15.4-150200.5.12.1
Container suse/postgres:latest
libpq5-15.4-150200.5.12.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
libpq5-15.4-150200.5.12.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
libpq5-15.4-150200.5.12.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
libpq5-15.4-150200.5.12.1
Image SLES15-SP4-Manager-Server-4-3
libpq5-15.4-150200.5.12.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
libpq5-15.4-150200.5.12.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
libpq5-15.4-150200.5.12.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
libpq5-15.4-150200.5.12.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
libpq5-15.4-150200.5.12.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
libpq5-15.4-150200.5.12.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
libpq5-15.4-150200.5.12.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
libpq5-15.4-150200.5.12.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
libpq5-15.4-150200.5.12.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
libpq5-15.4-150200.5.12.1
postgresql15-15.4-150200.5.12.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
libpq5-15.4-150200.5.12.1
postgresql15-15.4-150200.5.12.1
SUSE Linux Enterprise Module for Package Hub 15 SP4
postgresql15-llvmjit-15.4-150200.5.12.1
postgresql15-llvmjit-devel-15.4-150200.5.12.1
postgresql15-test-15.4-150200.5.12.1
SUSE Linux Enterprise Module for Server Applications 15 SP4
libecpg6-15.4-150200.5.12.1
postgresql15-15.4-150200.5.12.1
postgresql15-contrib-15.4-150200.5.12.1
postgresql15-devel-15.4-150200.5.12.1
postgresql15-docs-15.4-150200.5.12.1
postgresql15-plperl-15.4-150200.5.12.1
postgresql15-plpython-15.4-150200.5.12.1
postgresql15-pltcl-15.4-150200.5.12.1
postgresql15-server-15.4-150200.5.12.1
postgresql15-server-devel-15.4-150200.5.12.1
SUSE Linux Enterprise Module for Server Applications 15 SP5
libecpg6-15.4-150200.5.12.1
postgresql15-contrib-15.4-150200.5.12.1
postgresql15-devel-15.4-150200.5.12.1
postgresql15-docs-15.4-150200.5.12.1
postgresql15-plperl-15.4-150200.5.12.1
postgresql15-plpython-15.4-150200.5.12.1
postgresql15-pltcl-15.4-150200.5.12.1
postgresql15-server-15.4-150200.5.12.1
postgresql15-server-devel-15.4-150200.5.12.1
SUSE Manager Proxy 4.2
libecpg6-15.4-150200.5.12.1
libpq5-15.4-150200.5.12.1
postgresql15-15.4-150200.5.12.1
postgresql15-contrib-15.4-150200.5.12.1
postgresql15-devel-15.4-150200.5.12.1
postgresql15-docs-15.4-150200.5.12.1
postgresql15-plperl-15.4-150200.5.12.1
postgresql15-plpython-15.4-150200.5.12.1
postgresql15-pltcl-15.4-150200.5.12.1
postgresql15-server-15.4-150200.5.12.1
postgresql15-server-devel-15.4-150200.5.12.1
SUSE Manager Server 4.2
libecpg6-15.4-150200.5.12.1
libpq5-15.4-150200.5.12.1
postgresql15-15.4-150200.5.12.1
postgresql15-contrib-15.4-150200.5.12.1
postgresql15-devel-15.4-150200.5.12.1
postgresql15-docs-15.4-150200.5.12.1
postgresql15-plperl-15.4-150200.5.12.1
postgresql15-plpython-15.4-150200.5.12.1
postgresql15-pltcl-15.4-150200.5.12.1
postgresql15-server-15.4-150200.5.12.1
postgresql15-server-devel-15.4-150200.5.12.1
openSUSE Leap 15.4
libecpg6-15.4-150200.5.12.1
libecpg6-32bit-15.4-150200.5.12.1
libpq5-15.4-150200.5.12.1
libpq5-32bit-15.4-150200.5.12.1
postgresql15-15.4-150200.5.12.1
postgresql15-contrib-15.4-150200.5.12.1
postgresql15-devel-15.4-150200.5.12.1
postgresql15-docs-15.4-150200.5.12.1
postgresql15-llvmjit-15.4-150200.5.12.1
postgresql15-llvmjit-devel-15.4-150200.5.12.1
postgresql15-plperl-15.4-150200.5.12.1
postgresql15-plpython-15.4-150200.5.12.1
postgresql15-pltcl-15.4-150200.5.12.1
postgresql15-server-15.4-150200.5.12.1
postgresql15-server-devel-15.4-150200.5.12.1
postgresql15-test-15.4-150200.5.12.1
openSUSE Leap 15.5
libecpg6-15.4-150200.5.12.1
libecpg6-32bit-15.4-150200.5.12.1
libpq5-15.4-150200.5.12.1
libpq5-32bit-15.4-150200.5.12.1
postgresql15-15.4-150200.5.12.1
postgresql15-contrib-15.4-150200.5.12.1
postgresql15-devel-15.4-150200.5.12.1
postgresql15-docs-15.4-150200.5.12.1
postgresql15-llvmjit-15.4-150200.5.12.1
postgresql15-llvmjit-devel-15.4-150200.5.12.1
postgresql15-plperl-15.4-150200.5.12.1
postgresql15-plpython-15.4-150200.5.12.1
postgresql15-pltcl-15.4-150200.5.12.1
postgresql15-server-15.4-150200.5.12.1
postgresql15-server-devel-15.4-150200.5.12.1
postgresql15-test-15.4-150200.5.12.1
References
- Link for SUSE-SU-2023:3347-1
- E-Mail link for SUSE-SU-2023:3347-1
- SUSE Security Ratings
- SUSE Bug 1214059
- SUSE Bug 1214061
- SUSE CVE CVE-2023-39417 page
- SUSE CVE CVE-2023-39418 page
Description
A SQL injection vulnerability was found in PostgreSQL that affects extension scripts: a script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
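A defensive audit for the condition described above, as an added example (not part of the advisory or of PostgreSQL): it flags the named placeholders when they sit inside single quotes, double quotes or dollar quoting in an extension script. The function names and the sample script are constructed for illustration; `E''` backslash escapes and nested block comments are not handled.

```python
import re

# Placeholders named in the advisory: @extowner@, @extschema@, @extschema:...@
PLACEHOLDER = re.compile(r"@extowner@|@extschema(?::[^@\s]+)?@")
DOLLAR_TAG = re.compile(r"\$(?:[A-Za-z_][A-Za-z_0-9]*)?\$")

def _scan(sql, start, end, kind):
    """Collect (line number, placeholder, quote kind) within sql[start:end]."""
    return [(sql.count("\n", 0, m.start()) + 1, m.group(), kind)
            for m in PLACEHOLDER.finditer(sql, start, end)]

def find_quoted_placeholders(sql):
    """Return every placeholder that appears inside a quoting construct."""
    hits, i, n = [], 0, len(sql)
    while i < n:
        if sql.startswith("--", i):                  # line comment: skip to end of line
            j = sql.find("\n", i)
            i = n if j < 0 else j
        elif sql.startswith("/*", i):                # block comment (nesting not handled)
            j = sql.find("*/", i + 2)
            i = n if j < 0 else j + 2
        elif sql[i] in "'\"":                        # '...' string or "..." identifier
            q, j = sql[i], i + 1
            while j < n and (sql[j] != q or sql[j + 1:j + 2] == q):
                j += 2 if sql[j] == q else 1         # a doubled quote is an escape
            kind = "single quote" if q == "'" else "double quote"
            hits += _scan(sql, i, min(j + 1, n), kind)
            i = j + 1
        elif sql[i] == "$" and (m := DOLLAR_TAG.match(sql, i)):
            end = sql.find(m.group(), m.end())       # matching closing $tag$
            end = n if end < 0 else end + len(m.group())
            hits += _scan(sql, i, end, "dollar quote")
            i = end
        else:
            i += 1
    return hits

SAMPLE = """\
-- constructed sample extension script, not from a real extension
CREATE FUNCTION @extschema@.f() RETURNS int LANGUAGE sql AS 'SELECT 1';
CREATE FUNCTION g() RETURNS text LANGUAGE plpgsql AS $body$
BEGIN
  RETURN (SELECT @extschema@.f()::text);
END $body$;
COMMENT ON FUNCTION g() IS 'owned by @extowner@';
GRANT USAGE ON SCHEMA "@extschema:other@" TO PUBLIC;
"""
```

Run `find_quoted_placeholders` over the script files of each trusted, non-bundled extension installed on the server; any hit marks a script to review against the fixed 15.4 packages listed above.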
Affected products
Container suse/postgres:14:libpq5-15.4-150200.5.12.1
Container suse/postgres:15:libpq5-15.4-150200.5.12.1
Container suse/postgres:15:postgresql15-15.4-150200.5.12.1
Container suse/postgres:15:postgresql15-server-15.4-150200.5.12.1
References
- CVE-2023-39417
- SUSE Bug 1214059
Description
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
Affected products
Container suse/postgres:14:libpq5-15.4-150200.5.12.1
Container suse/postgres:15:libpq5-15.4-150200.5.12.1
Container suse/postgres:15:postgresql15-15.4-150200.5.12.1
Container suse/postgres:15:postgresql15-server-15.4-150200.5.12.1
References
- CVE-2023-39418
- SUSE Bug 1214061