Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 564
Alerts This Week
Warning Icon 1 564

SUSE: 2023:4455-1 Important: PostgreSQL Memory Issues Affecting Server

suse
Calendar Grey November 16, 2023
Scroller Suse
Essential patch released for PostgreSQL 13 tackles weaknesses related to memory management and integer computations.
* bsc#1216022 * bsc#1216734 * bsc#1216960 * bsc#1216961 * bsc#1216962

Summary

## This update for postgresql13 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961)

References

* bsc#1216022

* bsc#1216734

* bsc#1216960

* bsc#1216961

* bsc#1216962

Cross-

* CVE-2023-5868

* CVE-2023-5869

* CVE-2023-5870

CVSS scores:

* CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Galera for Ericsson 15 SP5

* Legacy Module 15-SP4

* openSUSE Leap 15.4

* openSUSE Leap 15.5

* SUSE Enterprise Storage 7.1

* SUSE Linux Enterprise High Performance Computing 15 SP2

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2

* SUSE Linux Enterprise High Performance Computing 15 SP3

* SUSE Linux Enterprise High Performance Computing 15 SP4

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:4455-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.