SUSE-SU-2023:3384-1

Опубликовано: 23 авг. 2023

Источник: suse-cvrf

Описание

Security update for postgresql15

This update for postgresql15 fixes the following issues:

Update to 12.16
CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059)

Список пакетов

openSUSE Leap 15.4

postgresql12-12.16-150200.8.47.1

postgresql12-contrib-12.16-150200.8.47.1

postgresql12-devel-12.16-150200.8.47.1

postgresql12-docs-12.16-150200.8.47.1

postgresql12-llvmjit-12.16-150200.8.47.1

postgresql12-llvmjit-devel-12.16-150200.8.47.1

postgresql12-plperl-12.16-150200.8.47.1

postgresql12-plpython-12.16-150200.8.47.1

postgresql12-pltcl-12.16-150200.8.47.1

postgresql12-server-12.16-150200.8.47.1

postgresql12-server-devel-12.16-150200.8.47.1

postgresql12-test-12.16-150200.8.47.1

openSUSE Leap 15.5

postgresql12-12.16-150200.8.47.1

postgresql12-contrib-12.16-150200.8.47.1

postgresql12-devel-12.16-150200.8.47.1

postgresql12-docs-12.16-150200.8.47.1

postgresql12-llvmjit-12.16-150200.8.47.1

postgresql12-llvmjit-devel-12.16-150200.8.47.1

postgresql12-plperl-12.16-150200.8.47.1

postgresql12-plpython-12.16-150200.8.47.1

postgresql12-pltcl-12.16-150200.8.47.1

postgresql12-server-12.16-150200.8.47.1

postgresql12-server-devel-12.16-150200.8.47.1

postgresql12-test-12.16-150200.8.47.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20233384-1/
Link for SUSE-SU-2023:3384-1
https://lists.suse.com/pipermail/sle-security-updates/2023-August/015996.html
E-Mail link for SUSE-SU-2023:3384-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1214059
SUSE Bug 1214059
https://www.suse.com/security/cve/CVE-2023-39417/
SUSE CVE CVE-2023-39417 page

Описание

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.

Затронутые продукты

openSUSE Leap 15.4:postgresql12-12.16-150200.8.47.1

openSUSE Leap 15.4:postgresql12-contrib-12.16-150200.8.47.1

openSUSE Leap 15.4:postgresql12-devel-12.16-150200.8.47.1

openSUSE Leap 15.4:postgresql12-docs-12.16-150200.8.47.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-39417.html
CVE-2023-39417
https://bugzilla.suse.com/1214059
SUSE Bug 1214059

SUSE-SU-2023:3384-1

Описание

Список пакетов

openSUSE Leap 15.4

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2023-39417

Описание

Затронутые продукты

Ссылки