SUSE-SU-2025:01786-2

Опубликовано: 11 авг. 2025

Источник: suse-cvrf

Описание

Security update for postgresql14

This update for postgresql14 fixes the following issues:

Upgrade to 14.18:

CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931)

Список пакетов

Image SLES15-SP4-Manager-Server-4-3-BYOS

postgresql14-14.18-150200.5.58.1

postgresql14-contrib-14.18-150200.5.58.1

postgresql14-server-14.18-150200.5.58.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure

postgresql14-14.18-150200.5.58.1

postgresql14-contrib-14.18-150200.5.58.1

postgresql14-server-14.18-150200.5.58.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2

postgresql14-14.18-150200.5.58.1

postgresql14-contrib-14.18-150200.5.58.1

postgresql14-server-14.18-150200.5.58.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE

postgresql14-14.18-150200.5.58.1

postgresql14-contrib-14.18-150200.5.58.1

postgresql14-server-14.18-150200.5.58.1

SUSE Linux Enterprise Module for Package Hub 15 SP3

postgresql14-llvmjit-14.18-150200.5.58.1

postgresql14-test-14.18-150200.5.58.1

SUSE Linux Enterprise Module for Package Hub 15 SP4

postgresql14-llvmjit-14.18-150200.5.58.1

postgresql14-llvmjit-devel-14.18-150200.5.58.1

postgresql14-test-14.18-150200.5.58.1

SUSE Linux Enterprise Module for Package Hub 15 SP5

postgresql14-llvmjit-14.18-150200.5.58.1

postgresql14-test-14.18-150200.5.58.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-202501786-2/
Link for SUSE-SU-2025:01786-2
https://lists.suse.com/pipermail/sle-updates/2025-August/041163.html
E-Mail link for SUSE-SU-2025:01786-2
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1242931
SUSE Bug 1242931
https://www.suse.com/security/cve/CVE-2025-4207/
SUSE CVE CVE-2025-4207 page

Описание

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

Затронутые продукты

Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:postgresql14-14.18-150200.5.58.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:postgresql14-contrib-14.18-150200.5.58.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:postgresql14-server-14.18-150200.5.58.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:postgresql14-14.18-150200.5.58.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-4207.html
CVE-2025-4207
https://bugzilla.suse.com/1242931
SUSE Bug 1242931

SUSE-SU-2025:01786-2

Описание

Список пакетов

Image SLES15-SP4-Manager-Server-4-3-BYOS

Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure

Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2

Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE

SUSE Linux Enterprise Module for Package Hub 15 SP3

SUSE Linux Enterprise Module for Package Hub 15 SP4

SUSE Linux Enterprise Module for Package Hub 15 SP5

Ссылки

Уязвимость: CVE-2025-4207

Описание

Затронутые продукты

Ссылки