Описание
Security update for postgresql12
This update for postgresql12 fixes the following issues:
Upgrade to version 12.6:
- Reindexing might be needed after applying this update.
- CVE-2021-3393, bsc#1182040: Fix information leakage in constraint-violation error messages.
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Список пакетов
openSUSE Leap 15.2
libecpg6-12.6-lp152.3.16.1
libecpg6-32bit-12.6-lp152.3.16.1
libpq5-12.6-lp152.3.16.1
libpq5-32bit-12.6-lp152.3.16.1
postgresql12-12.6-lp152.3.16.1
postgresql12-contrib-12.6-lp152.3.16.1
postgresql12-devel-12.6-lp152.3.16.1
postgresql12-docs-12.6-lp152.3.16.1
postgresql12-llvmjit-12.6-lp152.3.16.1
postgresql12-plperl-12.6-lp152.3.16.1
postgresql12-plpython-12.6-lp152.3.16.1
postgresql12-pltcl-12.6-lp152.3.16.1
postgresql12-server-12.6-lp152.3.16.1
postgresql12-server-devel-12.6-lp152.3.16.1
postgresql12-test-12.6-lp152.3.16.1
Ссылки
- E-Mail link for openSUSE-SU-2021:0423-1
- SUSE Security Ratings
- SUSE Bug 1179765
- SUSE Bug 1182040
- SUSE CVE CVE-2021-3393 page
Описание
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
Затронутые продукты
openSUSE Leap 15.2:libecpg6-12.6-lp152.3.16.1
openSUSE Leap 15.2:libecpg6-32bit-12.6-lp152.3.16.1
openSUSE Leap 15.2:libpq5-12.6-lp152.3.16.1
openSUSE Leap 15.2:libpq5-32bit-12.6-lp152.3.16.1
Ссылки
- CVE-2021-3393
- SUSE Bug 1182040