SUSE: 2023:4495-1 Important: Handle PostgreSQL Security Issues

suse

November 21, 2023

* bsc#1122892 * bsc#1179231 * bsc#1206796 * bsc#1209208 * bsc#1216022

Summary

## This update for postgresql, postgresql15, postgresql16 fixes the following issues: This update ships postgresql 16. Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution

Topics Covered

security advisory buffer overflow integer overflow SUSE PostgreSQL memory disclosure flaw

References

* bsc#1122892

* bsc#1179231

* bsc#1206796

* bsc#1209208

* bsc#1216022

* bsc#1216734

* bsc#1216960

* bsc#1216961

* bsc#1216962

* jsc#PED-5586

Cross-

* CVE-2023-5868

* CVE-2023-5869

* CVE-2023-5870

CVSS scores:

* CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP4

* Basesystem Module 15-SP5

* Legacy Module 15-SP4

* Legacy Module 15-SP5

* openSUSE Leap 15.3

* openSUSE Leap 15.4

* openSUSE Leap 15.5

* Server Applications Module 15-SP4

* Server Applications Module 15-SP5

* SUSE Enterprise Storage 7.1

* SUSE Linux Enterprise Desktop 15 SP4

* SUSE Linux Enterprise Desktop 15 SP5

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2023:4495-1

Rating: important

Topics Covered

security advisory buffer overflow integer overflow SUSE PostgreSQL memory disclosure flaw

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2023:4495-1 Important: Handle PostgreSQL Security Issues

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2023:4495-1 Important: Handle PostgreSQL Security Issues

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!