Description
Security update for pgadmin4
This update for pgadmin4 fixes the following issues:
- CVE-2025-12765: insufficient checks in the LDAP authentication flow allow for a bypass of TLS certificate validation that can lead to the stealing of bind credentials and the altering of directory responses (bsc#1253478).
- CVE-2025-12764: improper validation of characters in a username allows for LDAP injections that force the processing of unusual amounts of data and leads to a DoS (bsc#1253477).
Package list
SUSE Linux Enterprise Module for Python 3 15 SP7
pgadmin4-8.5-150600.3.18.1
pgadmin4-doc-8.5-150600.3.18.1
system-user-pgadmin-8.5-150600.3.18.1
SUSE Linux Enterprise Server 15 SP6-LTSS
pgadmin4-8.5-150600.3.18.1
pgadmin4-doc-8.5-150600.3.18.1
system-user-pgadmin-8.5-150600.3.18.1
SUSE Linux Enterprise Server for SAP Applications 15 SP6
pgadmin4-8.5-150600.3.18.1
pgadmin4-doc-8.5-150600.3.18.1
system-user-pgadmin-8.5-150600.3.18.1
openSUSE Leap 15.6
pgadmin4-8.5-150600.3.18.1
pgadmin4-cloud-8.5-150600.3.18.1
pgadmin4-desktop-8.5-150600.3.18.1
pgadmin4-doc-8.5-150600.3.18.1
pgadmin4-web-uwsgi-8.5-150600.3.18.1
system-user-pgadmin-8.5-150600.3.18.1
References
- Link for SUSE-SU-2026:0015-1
- E-Mail link for SUSE-SU-2026:0015-1
- SUSE Security Ratings
- SUSE Bug 1253477
- SUSE Bug 1253478
- SUSE CVE CVE-2025-12764 page
- SUSE CVE CVE-2025-12765 page
Description
pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data (DoS).
Affected products
SUSE Linux Enterprise Module for Python 3 15 SP7:pgadmin4-8.5-150600.3.18.1
SUSE Linux Enterprise Module for Python 3 15 SP7:pgadmin4-doc-8.5-150600.3.18.1
SUSE Linux Enterprise Module for Python 3 15 SP7:system-user-pgadmin-8.5-150600.3.18.1
SUSE Linux Enterprise Server 15 SP6-LTSS:pgadmin4-8.5-150600.3.18.1
References
- CVE-2025-12764
- SUSE Bug 1253477
Description
pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism that allows bypassing TLS certificate verification.
Affected products
SUSE Linux Enterprise Module for Python 3 15 SP7:pgadmin4-8.5-150600.3.18.1
SUSE Linux Enterprise Module for Python 3 15 SP7:pgadmin4-doc-8.5-150600.3.18.1
SUSE Linux Enterprise Module for Python 3 15 SP7:system-user-pgadmin-8.5-150600.3.18.1
SUSE Linux Enterprise Server 15 SP6-LTSS:pgadmin4-8.5-150600.3.18.1
References
- CVE-2025-12765
- SUSE Bug 1253478