Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:01654-1

Опубликовано: 22 мая 2025
Источник: suse-cvrf

Описание

Security update for postgresql13

This update for postgresql13 fixes the following issues:

Upgrade to 13.21:

  • CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931)

Changelog:

https://www.postgresql.org/docs/release/13.21/

Список пакетов

openSUSE Leap 15.6
postgresql13-13.21-150600.14.8.1
postgresql13-contrib-13.21-150600.14.8.1
postgresql13-devel-13.21-150600.14.8.1
postgresql13-docs-13.21-150600.14.8.1
postgresql13-llvmjit-13.21-150600.14.8.1
postgresql13-llvmjit-devel-13.21-150600.14.8.1
postgresql13-plperl-13.21-150600.14.8.1
postgresql13-plpython-13.21-150600.14.8.1
postgresql13-pltcl-13.21-150600.14.8.1
postgresql13-server-13.21-150600.14.8.1
postgresql13-server-devel-13.21-150600.14.8.1
postgresql13-test-13.21-150600.14.8.1

Ссылки

Описание

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

Затронутые продукты
openSUSE Leap 15.6:postgresql13-13.21-150600.14.8.1
openSUSE Leap 15.6:postgresql13-contrib-13.21-150600.14.8.1
openSUSE Leap 15.6:postgresql13-devel-13.21-150600.14.8.1
openSUSE Leap 15.6:postgresql13-docs-13.21-150600.14.8.1
Ссылки
Уязвимость SUSE-SU-2025:01654-1