Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

SUSE 2024:4176-1 - Important Security Advisory for postgresql14

suse
Calendar Grey December 4, 2024
Dist Suse Esm H88
The recent PostgreSQL 14 security update tackles several critical vulnerabilities aimed at strengthening the reliability and safety of the database system.
* bsc#1233323 * bsc#1233325 * bsc#1233326 * bsc#1233327

Summary

## This update for postgresql14 fixes the following issues: * CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). * CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325). * CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326). * CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-4176=1

Topics%20covered

Topics Covered

security advisory update vulnerability important SUSE bug report postgresql14

References

* bsc#1233323

* bsc#1233325

* bsc#1233326

* bsc#1233327

Cross-

* CVE-2024-10976

* CVE-2024-10977

* CVE-2024-10978

* CVE-2024-10979

CVSS scores:

* CVE-2024-10976 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

* CVE-2024-10976 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

* CVE-2024-10977 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

* CVE-2024-10977 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

* CVE-2024-10978 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

* CVE-2024-10978 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

* CVE-2024-10979 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-10979 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:4176-1
Release Date: 2024-12-04T14:54:26Z
Rating: important

Topics%20covered

Topics Covered

security advisory update vulnerability important SUSE bug report postgresql14

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here