Description
Security update for pgadmin4
This update for pgadmin4 fixes the following issues:
- CVE-2025-12765: insufficient checks in the LDAP authentication flow allow for a bypass of TLS certificate validation that can lead to the stealing of bind credentials and the altering of directory responses (bsc#1253478).
- CVE-2025-12764: improper validation of characters in a username allows for LDAP injections that force the processing of unusual amounts of data and lead to a DoS (bsc#1253477).
Package list
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
pgadmin4-4.30-150300.3.21.1
pgadmin4-doc-4.30-150300.3.21.1
pgadmin4-web-4.30-150300.3.21.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
pgadmin4-4.30-150300.3.21.1
pgadmin4-doc-4.30-150300.3.21.1
pgadmin4-web-4.30-150300.3.21.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
pgadmin4-4.30-150300.3.21.1
pgadmin4-doc-4.30-150300.3.21.1
pgadmin4-web-4.30-150300.3.21.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
pgadmin4-4.30-150300.3.21.1
pgadmin4-doc-4.30-150300.3.21.1
pgadmin4-web-4.30-150300.3.21.1
SUSE Linux Enterprise Module for Python 3 15 SP7
pgadmin4-4.30-150300.3.21.1
pgadmin4-doc-4.30-150300.3.21.1
pgadmin4-web-4.30-150300.3.21.1
SUSE Linux Enterprise Server 15 SP4-LTSS
pgadmin4-4.30-150300.3.21.1
pgadmin4-doc-4.30-150300.3.21.1
pgadmin4-web-4.30-150300.3.21.1
SUSE Linux Enterprise Server 15 SP5-LTSS
pgadmin4-4.30-150300.3.21.1
pgadmin4-doc-4.30-150300.3.21.1
pgadmin4-web-4.30-150300.3.21.1
SUSE Linux Enterprise Server 15 SP6-LTSS
pgadmin4-4.30-150300.3.21.1
pgadmin4-doc-4.30-150300.3.21.1
pgadmin4-web-4.30-150300.3.21.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
pgadmin4-4.30-150300.3.21.1
pgadmin4-doc-4.30-150300.3.21.1
pgadmin4-web-4.30-150300.3.21.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
pgadmin4-4.30-150300.3.21.1
pgadmin4-doc-4.30-150300.3.21.1
pgadmin4-web-4.30-150300.3.21.1
SUSE Linux Enterprise Server for SAP Applications 15 SP6
pgadmin4-web-4.30-150300.3.21.1
SUSE Manager Proxy LTS 4.3
pgadmin4-4.30-150300.3.21.1
pgadmin4-doc-4.30-150300.3.21.1
pgadmin4-web-4.30-150300.3.21.1
SUSE Manager Server LTS 4.3
pgadmin4-4.30-150300.3.21.1
pgadmin4-doc-4.30-150300.3.21.1
pgadmin4-web-4.30-150300.3.21.1
References
- Link for SUSE-SU-2026:0016-1
- E-Mail link for SUSE-SU-2026:0016-1
- SUSE Security Ratings
- SUSE Bug 1253477
- SUSE Bug 1253478
- SUSE CVE CVE-2025-12764 page
- SUSE CVE CVE-2025-12765 page
Description
pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data, resulting in a denial of service (DoS).
Affected products
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.21.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.21.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.21.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.21.1
References
- CVE-2025-12764
- SUSE Bug 1253477
Description
pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism that allows bypassing TLS certificate verification.
Affected products
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.21.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.21.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.21.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.21.1
References
- CVE-2025-12765
- SUSE Bug 1253478