SUSE-SU-2023:3348-1

Published: 17 Aug 2023
Source: suse-cvrf

Description

Security update for postgresql15

This update for postgresql15 fixes the following issues:

  • Update to 14.9
  • CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059)

Package list

Container suse/postgres:14
postgresql14-14.9-150200.5.29.1
postgresql14-server-14.9-150200.5.29.1
Image SLES15-SP4-Manager-Server-4-3
postgresql14-14.9-150200.5.29.1
postgresql14-contrib-14.9-150200.5.29.1
postgresql14-server-14.9-150200.5.29.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
postgresql14-14.9-150200.5.29.1
postgresql14-contrib-14.9-150200.5.29.1
postgresql14-server-14.9-150200.5.29.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
postgresql14-14.9-150200.5.29.1
postgresql14-contrib-14.9-150200.5.29.1
postgresql14-server-14.9-150200.5.29.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
postgresql14-14.9-150200.5.29.1
postgresql14-contrib-14.9-150200.5.29.1
postgresql14-server-14.9-150200.5.29.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
postgresql14-14.9-150200.5.29.1
postgresql14-contrib-14.9-150200.5.29.1
postgresql14-server-14.9-150200.5.29.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
postgresql14-14.9-150200.5.29.1
postgresql14-contrib-14.9-150200.5.29.1
postgresql14-server-14.9-150200.5.29.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
postgresql14-14.9-150200.5.29.1
postgresql14-contrib-14.9-150200.5.29.1
postgresql14-server-14.9-150200.5.29.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
postgresql14-14.9-150200.5.29.1
postgresql14-contrib-14.9-150200.5.29.1
postgresql14-server-14.9-150200.5.29.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
postgresql14-14.9-150200.5.29.1
postgresql14-contrib-14.9-150200.5.29.1
postgresql14-server-14.9-150200.5.29.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
postgresql14-14.9-150200.5.29.1
SUSE Linux Enterprise Module for Legacy 15 SP5
postgresql14-14.9-150200.5.29.1
postgresql14-contrib-14.9-150200.5.29.1
postgresql14-devel-14.9-150200.5.29.1
postgresql14-docs-14.9-150200.5.29.1
postgresql14-llvmjit-14.9-150200.5.29.1
postgresql14-llvmjit-devel-14.9-150200.5.29.1
postgresql14-plperl-14.9-150200.5.29.1
postgresql14-plpython-14.9-150200.5.29.1
postgresql14-pltcl-14.9-150200.5.29.1
postgresql14-server-14.9-150200.5.29.1
postgresql14-server-devel-14.9-150200.5.29.1
SUSE Linux Enterprise Module for Package Hub 15 SP4
postgresql14-llvmjit-14.9-150200.5.29.1
postgresql14-llvmjit-devel-14.9-150200.5.29.1
postgresql14-test-14.9-150200.5.29.1
SUSE Linux Enterprise Module for Package Hub 15 SP5
postgresql14-llvmjit-14.9-150200.5.29.1
postgresql14-test-14.9-150200.5.29.1
SUSE Linux Enterprise Module for Server Applications 15 SP4
postgresql14-contrib-14.9-150200.5.29.1
postgresql14-devel-14.9-150200.5.29.1
postgresql14-docs-14.9-150200.5.29.1
postgresql14-plperl-14.9-150200.5.29.1
postgresql14-plpython-14.9-150200.5.29.1
postgresql14-pltcl-14.9-150200.5.29.1
postgresql14-server-14.9-150200.5.29.1
postgresql14-server-devel-14.9-150200.5.29.1
SUSE Manager Proxy 4.2
postgresql14-14.9-150200.5.29.1
postgresql14-contrib-14.9-150200.5.29.1
postgresql14-devel-14.9-150200.5.29.1
postgresql14-docs-14.9-150200.5.29.1
postgresql14-plperl-14.9-150200.5.29.1
postgresql14-plpython-14.9-150200.5.29.1
postgresql14-pltcl-14.9-150200.5.29.1
postgresql14-server-14.9-150200.5.29.1
postgresql14-server-devel-14.9-150200.5.29.1
SUSE Manager Server 4.2
postgresql14-14.9-150200.5.29.1
postgresql14-contrib-14.9-150200.5.29.1
postgresql14-devel-14.9-150200.5.29.1
postgresql14-docs-14.9-150200.5.29.1
postgresql14-plperl-14.9-150200.5.29.1
postgresql14-plpython-14.9-150200.5.29.1
postgresql14-pltcl-14.9-150200.5.29.1
postgresql14-server-14.9-150200.5.29.1
postgresql14-server-devel-14.9-150200.5.29.1
openSUSE Leap 15.4
postgresql14-14.9-150200.5.29.1
postgresql14-contrib-14.9-150200.5.29.1
postgresql14-devel-14.9-150200.5.29.1
postgresql14-docs-14.9-150200.5.29.1
postgresql14-llvmjit-14.9-150200.5.29.1
postgresql14-llvmjit-devel-14.9-150200.5.29.1
postgresql14-plperl-14.9-150200.5.29.1
postgresql14-plpython-14.9-150200.5.29.1
postgresql14-pltcl-14.9-150200.5.29.1
postgresql14-server-14.9-150200.5.29.1
postgresql14-server-devel-14.9-150200.5.29.1
postgresql14-test-14.9-150200.5.29.1
openSUSE Leap 15.5
postgresql14-14.9-150200.5.29.1
postgresql14-contrib-14.9-150200.5.29.1
postgresql14-devel-14.9-150200.5.29.1
postgresql14-docs-14.9-150200.5.29.1
postgresql14-llvmjit-14.9-150200.5.29.1
postgresql14-llvmjit-devel-14.9-150200.5.29.1
postgresql14-plperl-14.9-150200.5.29.1
postgresql14-plpython-14.9-150200.5.29.1
postgresql14-pltcl-14.9-150200.5.29.1
postgresql14-server-14.9-150200.5.29.1
postgresql14-server-devel-14.9-150200.5.29.1
postgresql14-test-14.9-150200.5.29.1

Description

A SQL injection vulnerability was found in PostgreSQL extension scripts that use @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
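
To audit installed extension scripts for the pattern described above, the following added example (not part of the advisory or of PostgreSQL) reports every substitution placeholder that sits inside a quoting construct. The function name and the sample script are constructed for illustration; the tokenizer is simplified and ignores block comments and E'' backslash escapes.

```python
import re

# Placeholders that CREATE EXTENSION substitutes textually into the script.
PLACEHOLDER = re.compile(r"@extowner@|@extschema(?::[^@\s]*)?@")
DOLLAR_TAG = re.compile(r"\$(?:[A-Za-z_]\w*)?\$")  # $$ or $tag$

def quoted_placeholders(script):
    """Return (line, placeholder, quote) for placeholders inside '', "" or $tag$."""
    findings, i, line, quote = [], 0, 1, None
    while i < len(script):
        ch = script[i]
        if ch == "\n":
            line += 1
        m = PLACEHOLDER.match(script, i)
        if m:
            if quote is not None:            # substituted text lands inside a literal
                findings.append((line, m.group(), quote))
            i = m.end()
            continue
        if quote is None:
            if script.startswith("--", i):   # line comment: skip to end of line
                nl = script.find("\n", i)
                i = len(script) if nl == -1 else nl
                continue
            tag = DOLLAR_TAG.match(script, i)
            if tag:                          # opening dollar quote
                quote, i = tag.group(), tag.end()
                continue
            if ch in "'\"":                  # opening '...' or "..."
                quote = ch
        elif script.startswith(quote, i):
            if len(quote) == 1 and script.startswith(quote * 2, i):
                i += 2                       # doubled quote is an escape, not a terminator
                continue
            i += len(quote)                  # closing delimiter
            quote = None
            continue
        i += 1
    return findings

# Constructed sample script, not taken from any real extension.
SAMPLE = """\
-- constructed extension script
CREATE FUNCTION @extschema@.f() RETURNS int LANGUAGE sql AS 'SELECT 1';
CREATE FUNCTION g() RETURNS text LANGUAGE plpgsql AS $body$
BEGIN
  RETURN (SELECT n FROM @extschema@.t LIMIT 1);
END $body$;
COMMENT ON FUNCTION g() IS 'owned by @extowner@';
SELECT format('%I.t', '@extschema:other@');
"""
```

Any finding marks a script to review or update; the unquoted use on line 2 of the sample is not reported.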


Affected products
Container suse/postgres:14:postgresql14-14.9-150200.5.29.1
Container suse/postgres:14:postgresql14-server-14.9-150200.5.29.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc:postgresql14-14.9-150200.5.29.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc:postgresql14-contrib-14.9-150200.5.29.1
