SUSE: 2023:4433-1 Important: PostgreSQL12 Memory Leak Issues

suse

November 14, 2023

* bsc#1216022 * bsc#1216734 * bsc#1216960 * bsc#1216961 * bsc#1216962

Summary

## This update for postgresql12 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961)

Topics Covered

security advisory SUSE memory disclosure postgresql12 CVE-2023-5868 CVE-2023-5869 CVE-2023-5870

References

* bsc#1216022

* bsc#1216734

* bsc#1216960

* bsc#1216961

* bsc#1216962

Cross-

* CVE-2023-5868

* CVE-2023-5869

* CVE-2023-5870

CVSS scores:

* CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5

* SUSE Linux Enterprise Server 12 SP5

* SUSE Linux Enterprise Server for SAP Applications 12 SP5

* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves three vulnerabilities and has two security fixes can now

be installed.

* https://www.suse.com/security/cve/CVE-2023-5868.html

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2023:4433-1

Rating: important

Topics Covered

security advisory SUSE memory disclosure postgresql12 CVE-2023-5868 CVE-2023-5869 CVE-2023-5870

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2023:4433-1 Important: PostgreSQL12 Memory Leak Issues

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2023:4433-1 Important: PostgreSQL12 Memory Leak Issues

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!