SUSE-SU-2025:01783-1

Опубликовано: 30 мая 2025

Источник: suse-cvrf

Описание

Security update for postgresql17

This update for postgresql17 fixes the following issues:

Upgrade to 17.5:

CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931)

Changelog:

https://www.postgresql.org/docs/release/17.5/

Список пакетов

SUSE Enterprise Storage 7.1

libecpg6-17.5-150200.5.13.1

libpq5-17.5-150200.5.13.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

libecpg6-17.5-150200.5.13.1

libpq5-17.5-150200.5.13.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

libecpg6-17.5-150200.5.13.1

libpq5-17.5-150200.5.13.1

libpq5-32bit-17.5-150200.5.13.1

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

libecpg6-17.5-150200.5.13.1

libpq5-17.5-150200.5.13.1

libpq5-32bit-17.5-150200.5.13.1

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

libecpg6-17.5-150200.5.13.1

libpq5-17.5-150200.5.13.1

libpq5-32bit-17.5-150200.5.13.1

postgresql17-17.5-150200.5.13.1

postgresql17-contrib-17.5-150200.5.13.1

postgresql17-devel-17.5-150200.5.13.1

postgresql17-docs-17.5-150200.5.13.1

postgresql17-plperl-17.5-150200.5.13.1

postgresql17-plpython-17.5-150200.5.13.1

postgresql17-pltcl-17.5-150200.5.13.1

postgresql17-server-17.5-150200.5.13.1

postgresql17-server-devel-17.5-150200.5.13.1

SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS

libecpg6-17.5-150200.5.13.1

libpq5-17.5-150200.5.13.1

libpq5-32bit-17.5-150200.5.13.1

postgresql17-17.5-150200.5.13.1

postgresql17-contrib-17.5-150200.5.13.1

postgresql17-devel-17.5-150200.5.13.1

postgresql17-docs-17.5-150200.5.13.1

postgresql17-plperl-17.5-150200.5.13.1

postgresql17-plpython-17.5-150200.5.13.1

postgresql17-pltcl-17.5-150200.5.13.1

postgresql17-server-17.5-150200.5.13.1

postgresql17-server-devel-17.5-150200.5.13.1

SUSE Linux Enterprise Server 15 SP3-LTSS

libecpg6-17.5-150200.5.13.1

libpq5-17.5-150200.5.13.1

SUSE Linux Enterprise Server 15 SP4-LTSS

libecpg6-17.5-150200.5.13.1

libpq5-17.5-150200.5.13.1

libpq5-32bit-17.5-150200.5.13.1

SUSE Linux Enterprise Server 15 SP5-LTSS

libecpg6-17.5-150200.5.13.1

libpq5-17.5-150200.5.13.1

libpq5-32bit-17.5-150200.5.13.1

postgresql17-17.5-150200.5.13.1

postgresql17-contrib-17.5-150200.5.13.1

postgresql17-devel-17.5-150200.5.13.1

postgresql17-docs-17.5-150200.5.13.1

postgresql17-plperl-17.5-150200.5.13.1

postgresql17-plpython-17.5-150200.5.13.1

postgresql17-pltcl-17.5-150200.5.13.1

postgresql17-server-17.5-150200.5.13.1

postgresql17-server-devel-17.5-150200.5.13.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

libecpg6-17.5-150200.5.13.1

libpq5-17.5-150200.5.13.1

SUSE Linux Enterprise Server for SAP Applications 15 SP4

libecpg6-17.5-150200.5.13.1

libpq5-17.5-150200.5.13.1

libpq5-32bit-17.5-150200.5.13.1

SUSE Linux Enterprise Server for SAP Applications 15 SP5

libecpg6-17.5-150200.5.13.1

libpq5-17.5-150200.5.13.1

libpq5-32bit-17.5-150200.5.13.1

postgresql17-17.5-150200.5.13.1

postgresql17-contrib-17.5-150200.5.13.1

postgresql17-devel-17.5-150200.5.13.1

postgresql17-docs-17.5-150200.5.13.1

postgresql17-plperl-17.5-150200.5.13.1

postgresql17-plpython-17.5-150200.5.13.1

postgresql17-pltcl-17.5-150200.5.13.1

postgresql17-server-17.5-150200.5.13.1

postgresql17-server-devel-17.5-150200.5.13.1

SUSE Manager Proxy 4.3

libecpg6-17.5-150200.5.13.1

libpq5-17.5-150200.5.13.1

libpq5-32bit-17.5-150200.5.13.1

SUSE Manager Server 4.3

libecpg6-17.5-150200.5.13.1

libpq5-17.5-150200.5.13.1

libpq5-32bit-17.5-150200.5.13.1

postgresql17-17.5-150200.5.13.1

postgresql17-contrib-17.5-150200.5.13.1

postgresql17-devel-17.5-150200.5.13.1

postgresql17-docs-17.5-150200.5.13.1

postgresql17-plperl-17.5-150200.5.13.1

postgresql17-plpython-17.5-150200.5.13.1

postgresql17-pltcl-17.5-150200.5.13.1

postgresql17-server-17.5-150200.5.13.1

postgresql17-server-devel-17.5-150200.5.13.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-202501783-1/
Link for SUSE-SU-2025:01783-1
https://lists.suse.com/pipermail/sle-updates/2025-May/039462.html
E-Mail link for SUSE-SU-2025:01783-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1242931
SUSE Bug 1242931
https://www.suse.com/security/cve/CVE-2025-4207/
SUSE CVE CVE-2025-4207 page

Описание

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

Затронутые продукты

SUSE Enterprise Storage 7.1:libecpg6-17.5-150200.5.13.1

SUSE Enterprise Storage 7.1:libpq5-17.5-150200.5.13.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libecpg6-17.5-150200.5.13.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpq5-17.5-150200.5.13.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-4207.html
CVE-2025-4207
https://bugzilla.suse.com/1242931
SUSE Bug 1242931

SUSE-SU-2025:01783-1

Описание

Список пакетов

SUSE Enterprise Storage 7.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS

SUSE Linux Enterprise Server 15 SP3-LTSS

SUSE Linux Enterprise Server 15 SP4-LTSS

SUSE Linux Enterprise Server 15 SP5-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP3

SUSE Linux Enterprise Server for SAP Applications 15 SP4

SUSE Linux Enterprise Server for SAP Applications 15 SP5

SUSE Manager Proxy 4.3

SUSE Manager Server 4.3

Ссылки

Уязвимость: CVE-2025-4207

Описание

Затронутые продукты

Ссылки