Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 501
Alerts This Week
Warning Icon 1 501

SUSE: 2021:0175-1 Moderate: PostgreSQL 13 Critical Security Update

suse
Calendar Grey January 20, 2021
Dist Suse Esm H88
SUSE Security Patch for PostgreSQL 13 resolves various vulnerabilities and improves functionalities. Maintain your security!
An update that solves three vulnerabilities, contains one feature and has one errata is now available

Summary

This update for postgresql, postgresql13 fixes the following issues: This update ships postgresql13. Upgrade to version 13.1: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not

References

#1178666 #1178667 #1178668 #1178961 ECO-3049

Cross- CVE-2020-25694 CVE-2020-25695 CVE-2020-25696

Affected Products:

SUSE Linux Enterprise Module for Server Applications 15-SP2

SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2

SUSE Linux Enterprise Module for Basesystem 15-SP2

https://www.suse.com/security/cve/CVE-2020-25694.html

https://www.suse.com/security/cve/CVE-2020-25695.html

https://www.suse.com/security/cve/CVE-2020-25696.html

https://bugzilla.suse.com/1178666

https://bugzilla.suse.com/1178667

https://bugzilla.suse.com/1178668

https://bugzilla.suse.com/1178961

Announcement ID: SUSE-SU-2021:0175-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.