Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 3 articles for you...
100
security advisorysoftware updatebug fixSUSE: 2024:4097-1 important: postgresql12 Security Advisory Updates
* bsc#1233323 * bsc#1233325 * bsc#1233326 * bsc#1233327 . # Security update for postgresql12 Announcement ID: SUSE-SU-2024:4097-1 Release Date: 2024-11-28T12:24:21Z Rating: important References: * bsc#1233323 * bsc#1233325 * bsc#1233326 * bsc#1233327 Cross-References: * CVE-2024-10976 * CVE-2024-10977 * CVE-2024-10978 * CVE-2024-10979 CVSS scores: * CVE-2024-10976 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2024-10976 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2024-10977 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2024-10977 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2024-10978 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2024-10978 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2024-10979 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-10979 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for postgresql12 fixes the following issues: * CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). * CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325). * CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326). * CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327). ## Patch Instructions: To install this SUSE update use the SUSE recommended installationmethods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2024-4097=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-4097=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * postgresql12-debuginfo-12.22-3.63.1 * postgresql12-pltcl-12.22-3.63.1 * postgresql12-pltcl-debuginfo-12.22-3.63.1 * postgresql12-plperl-12.22-3.63.1 * postgresql12-contrib-debuginfo-12.22-3.63.1 * postgresql12-plpython-debuginfo-12.22-3.63.1 * postgresql12-server-12.22-3.63.1 * postgresql12-plperl-debuginfo-12.22-3.63.1 * postgresql12-debugsource-12.22-3.63.1 * postgresql12-12.22-3.63.1 * postgresql12-plpython-12.22-3.63.1 * postgresql12-contrib-12.22-3.63.1 * postgresql12-server-debuginfo-12.22-3.63.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * postgresql12-docs-12.22-3.63.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * postgresql12-debuginfo-12.22-3.63.1 * postgresql12-pltcl-12.22-3.63.1 * postgresql12-pltcl-debuginfo-12.22-3.63.1 * postgresql12-plperl-12.22-3.63.1 * postgresql12-contrib-debuginfo-12.22-3.63.1 * postgresql12-plpython-debuginfo-12.22-3.63.1 * postgresql12-server-12.22-3.63.1 * postgresql12-plperl-debuginfo-12.22-3.63.1 * postgresql12-debugsource-12.22-3.63.1 * postgresql12-12.22-3.63.1 * postgresql12-plpython-12.22-3.63.1 * postgresql12-contrib-12.22-3.63.1 * postgresql12-server-debuginfo-12.22-3.63.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * postgresql12-docs-12.22-3.63.1 ## References: * https://www.suse.com/security/cve/CVE-2024-10976.html * https://www.suse.com/security/cve/CVE-2024-10977.html *https://www.suse.com/security/cve/CVE-2024-10978.html * https://www.suse.com/security/cve/CVE-2024-10979.html * https://bugzilla.suse.com/show_bug.cgi?id=1233323 * https://bugzilla.suse.com/show_bug.cgi?id=1233325 * https://bugzilla.suse.com/show_bug.cgi?id=1233326 * https://bugzilla.suse.com/show_bug.cgi?id=1233327 . A vital security update for PostgreSQL version 12 fixes several flaws. Make sure your SUSE environment is patched and protected.. PostgreSQL Update, SUSE Security Patch, Linux Threat Management, System Vulnerability Fixes. . Severity: Important. LinuxSecurity.com Team
Nov 28, 2024
•Important
SuSE
100
security advisoryupdatepatchSUSE: 2024:4099-1 important: postgresql12 multiple fixes
* bsc#1233323 * bsc#1233325 * bsc#1233326 * bsc#1233327 . # Security update for postgresql12 Announcement ID: SUSE-SU-2024:4099-1 Release Date: 2024-11-28T12:25:29Z Rating: important References: * bsc#1233323 * bsc#1233325 * bsc#1233326 * bsc#1233327 Cross-References: * CVE-2024-10976 * CVE-2024-10977 * CVE-2024-10978 * CVE-2024-10979 CVSS scores: * CVE-2024-10976 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2024-10976 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2024-10977 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2024-10977 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2024-10978 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2024-10978 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2024-10979 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-10979 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves four vulnerabilities can now be installed. ## Description: This update for postgresql12 fixes the following issues: * CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). * CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325). * CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326). * CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-4099=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-4099=1 * SUSE Linux Enterprise Server 15 SP2 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-4099=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-4099=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-4099=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-4099=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2024-4099=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-4099=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-4099=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS (aarch64 x86_64) * postgresql12-plpython-12.22-150200.8.66.1 * postgresql12-debuginfo-12.22-150200.8.66.1 * postgresql12-devel-12.22-150200.8.66.1 * postgresql12-contrib-12.22-150200.8.66.1 * postgresql12-plperl-debuginfo-12.22-150200.8.66.1 * postgresql12-plpython-debuginfo-12.22-150200.8.66.1 * postgresql12-12.22-150200.8.66.1 * postgresql12-server-12.22-150200.8.66.1 * postgresql12-plperl-12.22-150200.8.66.1 *postgresql12-server-devel-debuginfo-12.22-150200.8.66.1 * postgresql12-pltcl-debuginfo-12.22-150200.8.66.1 * postgresql12-devel-debuginfo-12.22-150200.8.66.1 * postgresql12-server-devel-12.22-150200.8.66.1 * postgresql12-debugsource-12.22-150200.8.66.1 * postgresql12-contrib-debuginfo-12.22-150200.8.66.1 * postgresql12-server-debuginfo-12.22-150200.8.66.1 * postgresql12-pltcl-12.22-150200.8.66.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS (noarch) * postgresql12-docs-12.22-150200.8.66.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * postgresql12-plpython-12.22-150200.8.66.1 * postgresql12-debuginfo-12.22-150200.8.66.1 * postgresql12-devel-12.22-150200.8.66.1 * postgresql12-contrib-12.22-150200.8.66.1 * postgresql12-plperl-debuginfo-12.22-150200.8.66.1 * postgresql12-plpython-debuginfo-12.22-150200.8.66.1 * postgresql12-12.22-150200.8.66.1 * postgresql12-server-12.22-150200.8.66.1 * postgresql12-plperl-12.22-150200.8.66.1 * postgresql12-server-devel-debuginfo-12.22-150200.8.66.1 * postgresql12-pltcl-debuginfo-12.22-150200.8.66.1 * postgresql12-devel-debuginfo-12.22-150200.8.66.1 * postgresql12-server-devel-12.22-150200.8.66.1 * postgresql12-debugsource-12.22-150200.8.66.1 * postgresql12-contrib-debuginfo-12.22-150200.8.66.1 * postgresql12-server-debuginfo-12.22-150200.8.66.1 * postgresql12-pltcl-12.22-150200.8.66.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * postgresql12-docs-12.22-150200.8.66.1 * SUSE Linux Enterprise Server 15 SP2 LTSS (aarch64 ppc64le s390x x86_64) * postgresql12-plpython-12.22-150200.8.66.1 * postgresql12-debuginfo-12.22-150200.8.66.1 * postgresql12-devel-12.22-150200.8.66.1 * postgresql12-contrib-12.22-150200.8.66.1 * postgresql12-plperl-debuginfo-12.22-150200.8.66.1 * postgresql12-plpython-debuginfo-12.22-150200.8.66.1 * postgresql12-12.22-150200.8.66.1 *postgresql12-server-12.22-150200.8.66.1 * postgresql12-plperl-12.22-150200.8.66.1 * postgresql12-server-devel-debuginfo-12.22-150200.8.66.1 * postgresql12-pltcl-debuginfo-12.22-150200.8.66.1 * postgresql12-devel-debuginfo-12.22-150200.8.66.1 * postgresql12-server-devel-12.22-150200.8.66.1 * postgresql12-debugsource-12.22-150200.8.66.1 * postgresql12-contrib-debuginfo-12.22-150200.8.66.1 * postgresql12-server-debuginfo-12.22-150200.8.66.1 * postgresql12-pltcl-12.22-150200.8.66.1 * SUSE Linux Enterprise Server 15 SP2 LTSS (noarch) * postgresql12-docs-12.22-150200.8.66.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * postgresql12-plpython-12.22-150200.8.66.1 * postgresql12-debuginfo-12.22-150200.8.66.1 * postgresql12-devel-12.22-150200.8.66.1 * postgresql12-contrib-12.22-150200.8.66.1 * postgresql12-plperl-debuginfo-12.22-150200.8.66.1 * postgresql12-plpython-debuginfo-12.22-150200.8.66.1 * postgresql12-12.22-150200.8.66.1 * postgresql12-server-12.22-150200.8.66.1 * postgresql12-plperl-12.22-150200.8.66.1 * postgresql12-server-devel-debuginfo-12.22-150200.8.66.1 * postgresql12-pltcl-debuginfo-12.22-150200.8.66.1 * postgresql12-devel-debuginfo-12.22-150200.8.66.1 * postgresql12-server-devel-12.22-150200.8.66.1 * postgresql12-debugsource-12.22-150200.8.66.1 * postgresql12-contrib-debuginfo-12.22-150200.8.66.1 * postgresql12-server-debuginfo-12.22-150200.8.66.1 * postgresql12-pltcl-12.22-150200.8.66.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch) * postgresql12-docs-12.22-150200.8.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * postgresql12-plpython-12.22-150200.8.66.1 * postgresql12-debuginfo-12.22-150200.8.66.1 * postgresql12-devel-12.22-150200.8.66.1 * postgresql12-contrib-12.22-150200.8.66.1 * postgresql12-plperl-debuginfo-12.22-150200.8.66.1 * postgresql12-plpython-debuginfo-12.22-150200.8.66.1 *postgresql12-12.22-150200.8.66.1 * postgresql12-server-12.22-150200.8.66.1 * postgresql12-plperl-12.22-150200.8.66.1 * postgresql12-server-devel-debuginfo-12.22-150200.8.66.1 * postgresql12-pltcl-debuginfo-12.22-150200.8.66.1 * postgresql12-devel-debuginfo-12.22-150200.8.66.1 * postgresql12-server-devel-12.22-150200.8.66.1 * postgresql12-debugsource-12.22-150200.8.66.1 * postgresql12-contrib-debuginfo-12.22-150200.8.66.1 * postgresql12-server-debuginfo-12.22-150200.8.66.1 * postgresql12-pltcl-12.22-150200.8.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * postgresql12-docs-12.22-150200.8.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * postgresql12-plpython-12.22-150200.8.66.1 * postgresql12-debuginfo-12.22-150200.8.66.1 * postgresql12-devel-12.22-150200.8.66.1 * postgresql12-contrib-12.22-150200.8.66.1 * postgresql12-plperl-debuginfo-12.22-150200.8.66.1 * postgresql12-plpython-debuginfo-12.22-150200.8.66.1 * postgresql12-12.22-150200.8.66.1 * postgresql12-server-12.22-150200.8.66.1 * postgresql12-plperl-12.22-150200.8.66.1 * postgresql12-server-devel-debuginfo-12.22-150200.8.66.1 * postgresql12-pltcl-debuginfo-12.22-150200.8.66.1 * postgresql12-devel-debuginfo-12.22-150200.8.66.1 * postgresql12-server-devel-12.22-150200.8.66.1 * postgresql12-debugsource-12.22-150200.8.66.1 * postgresql12-contrib-debuginfo-12.22-150200.8.66.1 * postgresql12-server-debuginfo-12.22-150200.8.66.1 * postgresql12-pltcl-12.22-150200.8.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * postgresql12-docs-12.22-150200.8.66.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * postgresql12-plpython-12.22-150200.8.66.1 * postgresql12-debuginfo-12.22-150200.8.66.1 * postgresql12-devel-12.22-150200.8.66.1 * postgresql12-contrib-12.22-150200.8.66.1 * postgresql12-plperl-debuginfo-12.22-150200.8.66.1 *postgresql12-plpython-debuginfo-12.22-150200.8.66.1 * postgresql12-12.22-150200.8.66.1 * postgresql12-server-12.22-150200.8.66.1 * postgresql12-plperl-12.22-150200.8.66.1 * postgresql12-server-devel-debuginfo-12.22-150200.8.66.1 * postgresql12-pltcl-debuginfo-12.22-150200.8.66.1 * postgresql12-devel-debuginfo-12.22-150200.8.66.1 * postgresql12-server-devel-12.22-150200.8.66.1 * postgresql12-debugsource-12.22-150200.8.66.1 * postgresql12-contrib-debuginfo-12.22-150200.8.66.1 * postgresql12-server-debuginfo-12.22-150200.8.66.1 * postgresql12-pltcl-12.22-150200.8.66.1 * SUSE Enterprise Storage 7.1 (noarch) * postgresql12-docs-12.22-150200.8.66.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * postgresql12-plpython-12.22-150200.8.66.1 * postgresql12-pltcl-debuginfo-12.22-150200.8.66.1 * postgresql12-server-devel-12.22-150200.8.66.1 * postgresql12-server-debuginfo-12.22-150200.8.66.1 * postgresql12-debuginfo-12.22-150200.8.66.1 * postgresql12-devel-12.22-150200.8.66.1 * postgresql12-plperl-debuginfo-12.22-150200.8.66.1 * postgresql12-server-12.22-150200.8.66.1 * postgresql12-llvmjit-debuginfo-12.22-150200.8.66.1 * postgresql12-contrib-debuginfo-12.22-150200.8.66.1 * postgresql12-pltcl-12.22-150200.8.66.1 * postgresql12-contrib-12.22-150200.8.66.1 * postgresql12-llvmjit-devel-12.22-150200.8.66.1 * postgresql12-plpython-debuginfo-12.22-150200.8.66.1 * postgresql12-12.22-150200.8.66.1 * postgresql12-plperl-12.22-150200.8.66.1 * postgresql12-llvmjit-12.22-150200.8.66.1 * postgresql12-devel-debuginfo-12.22-150200.8.66.1 * postgresql12-debugsource-12.22-150200.8.66.1 * postgresql12-test-12.22-150200.8.66.1 * postgresql12-server-devel-debuginfo-12.22-150200.8.66.1 * openSUSE Leap 15.5 (noarch) * postgresql12-docs-12.22-150200.8.66.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * postgresql12-plpython-12.22-150200.8.66.1 *postgresql12-pltcl-debuginfo-12.22-150200.8.66.1 * postgresql12-server-devel-12.22-150200.8.66.1 * postgresql12-server-debuginfo-12.22-150200.8.66.1 * postgresql12-debuginfo-12.22-150200.8.66.1 * postgresql12-devel-12.22-150200.8.66.1 * postgresql12-plperl-debuginfo-12.22-150200.8.66.1 * postgresql12-server-12.22-150200.8.66.1 * postgresql12-llvmjit-debuginfo-12.22-150200.8.66.1 * postgresql12-contrib-debuginfo-12.22-150200.8.66.1 * postgresql12-pltcl-12.22-150200.8.66.1 * postgresql12-contrib-12.22-150200.8.66.1 * postgresql12-llvmjit-devel-12.22-150200.8.66.1 * postgresql12-plpython-debuginfo-12.22-150200.8.66.1 * postgresql12-12.22-150200.8.66.1 * postgresql12-plperl-12.22-150200.8.66.1 * postgresql12-llvmjit-12.22-150200.8.66.1 * postgresql12-devel-debuginfo-12.22-150200.8.66.1 * postgresql12-debugsource-12.22-150200.8.66.1 * postgresql12-test-12.22-150200.8.66.1 * postgresql12-server-devel-debuginfo-12.22-150200.8.66.1 * openSUSE Leap 15.6 (noarch) * postgresql12-docs-12.22-150200.8.66.1 ## References: * https://www.suse.com/security/cve/CVE-2024-10976.html * https://www.suse.com/security/cve/CVE-2024-10977.html * https://www.suse.com/security/cve/CVE-2024-10978.html * https://www.suse.com/security/cve/CVE-2024-10979.html * https://bugzilla.suse.com/show_bug.cgi?id=1233323 * https://bugzilla.suse.com/show_bug.cgi?id=1233325 * https://bugzilla.suse.com/show_bug.cgi?id=1233326 * https://bugzilla.suse.com/show_bug.cgi?id=1233327 . This notice outlines essential modifications for mysql8, focusing on various vulnerabilities with installation guidance.. postgresql12 security advisory, SUSE update, Linux patch management. . Severity: Important. LinuxSecurity.com Team
Nov 28, 2024
•Important
SuSE
100
security advisorySUSEmemory disclosureSUSE: 2023:4433-1 Important: PostgreSQL12 Memory Leak Issues
* bsc#1216022 * bsc#1216734 * bsc#1216960 * bsc#1216961 * bsc#1216962 . # Security update for postgresql12 Announcement ID: SUSE-SU-2023:4433-1 Rating: important References: * bsc#1216022 * bsc#1216734 * bsc#1216960 * bsc#1216961 * bsc#1216962 Cross-References: * CVE-2023-5868 * CVE-2023-5869 * CVE-2023-5870 CVSS scores: * CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves three vulnerabilities and has two security fixes can now be installed. ## Description: This update for postgresql12 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, becausethey advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) * Update to 12.17 https://www.postgresql.org/docs/12/release-12-17.html * Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. * Change the unix domain socket location from /var/run to /run. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4433=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4433=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4433=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4433=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql12-debugsource-12.17-3.49.1 * postgresql12-devel-12.17-3.49.1 * postgresql12-devel-debuginfo-12.17-3.49.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * postgresql12-server-devel-debuginfo-12.17-3.49.1 * postgresql12-server-devel-12.17-3.49.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * postgresql12-contrib-12.17-3.49.1 * postgresql12-server-debuginfo-12.17-3.49.1 *postgresql12-debuginfo-12.17-3.49.1 * postgresql12-debugsource-12.17-3.49.1 * postgresql12-contrib-debuginfo-12.17-3.49.1 * postgresql12-plperl-12.17-3.49.1 * postgresql12-server-12.17-3.49.1 * postgresql12-pltcl-12.17-3.49.1 * postgresql12-plpython-debuginfo-12.17-3.49.1 * postgresql12-pltcl-debuginfo-12.17-3.49.1 * postgresql12-plpython-12.17-3.49.1 * postgresql12-plperl-debuginfo-12.17-3.49.1 * postgresql12-12.17-3.49.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * postgresql12-docs-12.17-3.49.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql12-contrib-12.17-3.49.1 * postgresql12-server-debuginfo-12.17-3.49.1 * postgresql12-debuginfo-12.17-3.49.1 * postgresql12-debugsource-12.17-3.49.1 * postgresql12-contrib-debuginfo-12.17-3.49.1 * postgresql12-plperl-12.17-3.49.1 * postgresql12-server-12.17-3.49.1 * postgresql12-pltcl-12.17-3.49.1 * postgresql12-plpython-debuginfo-12.17-3.49.1 * postgresql12-pltcl-debuginfo-12.17-3.49.1 * postgresql12-plpython-12.17-3.49.1 * postgresql12-plperl-debuginfo-12.17-3.49.1 * postgresql12-12.17-3.49.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * postgresql12-docs-12.17-3.49.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * postgresql12-contrib-12.17-3.49.1 * postgresql12-server-debuginfo-12.17-3.49.1 * postgresql12-debuginfo-12.17-3.49.1 * postgresql12-debugsource-12.17-3.49.1 * postgresql12-contrib-debuginfo-12.17-3.49.1 * postgresql12-plperl-12.17-3.49.1 * postgresql12-server-12.17-3.49.1 * postgresql12-pltcl-12.17-3.49.1 * postgresql12-plpython-debuginfo-12.17-3.49.1 * postgresql12-pltcl-debuginfo-12.17-3.49.1 * postgresql12-plpython-12.17-3.49.1 * postgresql12-plperl-debuginfo-12.17-3.49.1 * postgresql12-12.17-3.49.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * postgresql12-docs-12.17-3.49.1 ##References: * https://www.suse.com/security/cve/CVE-2023-5868.html * https://www.suse.com/security/cve/CVE-2023-5869.html * https://www.suse.com/security/cve/CVE-2023-5870.html * https://bugzilla.suse.com/show_bug.cgi?id=1216022 * https://bugzilla.suse.com/show_bug.cgi?id=1216734 * https://bugzilla.suse.com/show_bug.cgi?id=1216960 * https://bugzilla.suse.com/show_bug.cgi?id=1216961 * https://bugzilla.suse.com/show_bug.cgi?id=1216962 . Essential patch for postgresql12 resolves major vulnerabilities, boosting stability and protection within SUSE ecosystems.. PostgreSQL Security Patch, SUSE Security Advisory, Postgresql12 Update, Security Vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Nov 14, 2023
•Important
SuSE
100
security advisorysoftware patchimportantSUSE: 2022:2990-1 Urgent: MySQL57 Vulnerability Patch Released
An update that solves one vulnerability and has one errata is now available. . SUSE Security Update: Security update for postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2988-1 Rating: important References: #1198166 #1202368 Cross-References: CVE-2022-2625 CVSS scores: CVE-2022-2625 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-2625 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update thatsolves one vulnerability and has one errata is now available. Description: This update for postgresql12 fixes the following issues: - Update to 12.12: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2988=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2988=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2988=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2988=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2988=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2988=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2988=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2988=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2988=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2988=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2988=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2988=1 - SUSE Enterprise Storage 7: zypper in -t patchSUSE-Storage-7-2022-2988=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): postgresql12-12.12-150200.8.35.1 postgresql12-contrib-12.12-150200.8.35.1 postgresql12-contrib-debuginfo-12.12-150200.8.35.1 postgresql12-debuginfo-12.12-150200.8.35.1 postgresql12-debugsource-12.12-150200.8.35.1 postgresql12-devel-12.12-150200.8.35.1 postgresql12-devel-debuginfo-12.12-150200.8.35.1 postgresql12-llvmjit-12.12-150200.8.35.1 postgresql12-llvmjit-debuginfo-12.12-150200.8.35.1 postgresql12-llvmjit-devel-12.12-150200.8.35.1 postgresql12-plperl-12.12-150200.8.35.1 postgresql12-plperl-debuginfo-12.12-150200.8.35.1 postgresql12-plpython-12.12-150200.8.35.1 postgresql12-plpython-debuginfo-12.12-150200.8.35.1 postgresql12-pltcl-12.12-150200.8.35.1 postgresql12-pltcl-debuginfo-12.12-150200.8.35.1 postgresql12-server-12.12-150200.8.35.1 postgresql12-server-debuginfo-12.12-150200.8.35.1 postgresql12-server-devel-12.12-150200.8.35.1 postgresql12-server-devel-debuginfo-12.12-150200.8.35.1 postgresql12-test-12.12-150200.8.35.1 - openSUSE Leap 15.4 (noarch): postgresql12-docs-12.12-150200.8.35.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): postgresql12-12.12-150200.8.35.1 postgresql12-contrib-12.12-150200.8.35.1 postgresql12-contrib-debuginfo-12.12-150200.8.35.1 postgresql12-debuginfo-12.12-150200.8.35.1 postgresql12-debugsource-12.12-150200.8.35.1 postgresql12-devel-12.12-150200.8.35.1 postgresql12-devel-debuginfo-12.12-150200.8.35.1 postgresql12-llvmjit-12.12-150200.8.35.1 postgresql12-llvmjit-debuginfo-12.12-150200.8.35.1 postgresql12-plperl-12.12-150200.8.35.1 postgresql12-plperl-debuginfo-12.12-150200.8.35.1 postgresql12-plpython-12.12-150200.8.35.1 postgresql12-plpython-debuginfo-12.12-150200.8.35.1 postgresql12-pltcl-12.12-150200.8.35.1 postgresql12-pltcl-debuginfo-12.12-150200.8.35.1 postgresql12-server-12.12-150200.8.35.1 postgresql12-server-debuginfo-12.12-150200.8.35.1 postgresql12-server-devel-12.12-150200.8.35.1 postgresql12-server-devel-debuginfo-12.12-150200.8.35.1 postgresql12-test-12.12-150200.8.35.1 - openSUSE Leap 15.3 (noarch): postgresql12-docs-12.12-150200.8.35.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): postgresql12-12.12-150200.8.35.1 postgresql12-contrib-12.12-150200.8.35.1 postgresql12-contrib-debuginfo-12.12-150200.8.35.1 postgresql12-debuginfo-12.12-150200.8.35.1 postgresql12-debugsource-12.12-150200.8.35.1 postgresql12-devel-12.12-150200.8.35.1 postgresql12-devel-debuginfo-12.12-150200.8.35.1 postgresql12-plperl-12.12-150200.8.35.1 postgresql12-plperl-debuginfo-12.12-150200.8.35.1 postgresql12-plpython-12.12-150200.8.35.1 postgresql12-plpython-debuginfo-12.12-150200.8.35.1 postgresql12-pltcl-12.12-150200.8.35.1 postgresql12-pltcl-debuginfo-12.12-150200.8.35.1 postgresql12-server-12.12-150200.8.35.1 postgresql12-server-debuginfo-12.12-150200.8.35.1 postgresql12-server-devel-12.12-150200.8.35.1 postgresql12-server-devel-debuginfo-12.12-150200.8.35.1 - SUSE Manager Server 4.1 (noarch): postgresql12-docs-12.12-150200.8.35.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): postgresql12-12.12-150200.8.35.1 postgresql12-contrib-12.12-150200.8.35.1 postgresql12-contrib-debuginfo-12.12-150200.8.35.1 postgresql12-debuginfo-12.12-150200.8.35.1 postgresql12-debugsource-12.12-150200.8.35.1 postgresql12-devel-12.12-150200.8.35.1 postgresql12-devel-debuginfo-12.12-150200.8.35.1 postgresql12-plperl-12.12-150200.8.35.1 postgresql12-plperl-debuginfo-12.12-150200.8.35.1 postgresql12-plpython-12.12-150200.8.35.1 postgresql12-plpython-debuginfo-12.12-150200.8.35.1 postgresql12-pltcl-12.12-150200.8.35.1 postgresql12-pltcl-debuginfo-12.12-150200.8.35.1 postgresql12-server-12.12-150200.8.35.1 postgresql12-server-debuginfo-12.12-150200.8.35.1 postgresql12-server-devel-12.12-150200.8.35.1 postgresql12-server-devel-debuginfo-12.12-150200.8.35.1 - SUSE Manager Retail Branch Server 4.1 (noarch): postgresql12-docs-12.12-150200.8.35.1 - SUSE Manager Proxy 4.1 (x86_64): postgresql12-12.12-150200.8.35.1 postgresql12-contrib-12.12-150200.8.35.1 postgresql12-contrib-debuginfo-12.12-150200.8.35.1 postgresql12-debuginfo-12.12-150200.8.35.1 postgresql12-debugsource-12.12-150200.8.35.1 postgresql12-devel-12.12-150200.8.35.1 postgresql12-devel-debuginfo-12.12-150200.8.35.1 postgresql12-plperl-12.12-150200.8.35.1 postgresql12-plperl-debuginfo-12.12-150200.8.35.1 postgresql12-plpython-12.12-150200.8.35.1 postgresql12-plpython-debuginfo-12.12-150200.8.35.1 postgresql12-pltcl-12.12-150200.8.35.1 postgresql12-pltcl-debuginfo-12.12-150200.8.35.1 postgresql12-server-12.12-150200.8.35.1 postgresql12-server-debuginfo-12.12-150200.8.35.1 postgresql12-server-devel-12.12-150200.8.35.1 postgresql12-server-devel-debuginfo-12.12-150200.8.35.1 - SUSE Manager Proxy 4.1 (noarch): postgresql12-docs-12.12-150200.8.35.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): postgresql12-12.12-150200.8.35.1 postgresql12-contrib-12.12-150200.8.35.1 postgresql12-contrib-debuginfo-12.12-150200.8.35.1 postgresql12-debuginfo-12.12-150200.8.35.1 postgresql12-debugsource-12.12-150200.8.35.1 postgresql12-devel-12.12-150200.8.35.1 postgresql12-devel-debuginfo-12.12-150200.8.35.1 postgresql12-plperl-12.12-150200.8.35.1 postgresql12-plperl-debuginfo-12.12-150200.8.35.1 postgresql12-plpython-12.12-150200.8.35.1 postgresql12-plpython-debuginfo-12.12-150200.8.35.1 postgresql12-pltcl-12.12-150200.8.35.1 postgresql12-pltcl-debuginfo-12.12-150200.8.35.1 postgresql12-server-12.12-150200.8.35.1 postgresql12-server-debuginfo-12.12-150200.8.35.1 postgresql12-server-devel-12.12-150200.8.35.1 postgresql12-server-devel-debuginfo-12.12-150200.8.35.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): postgresql12-docs-12.12-150200.8.35.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): postgresql12-12.12-150200.8.35.1 postgresql12-contrib-12.12-150200.8.35.1 postgresql12-contrib-debuginfo-12.12-150200.8.35.1 postgresql12-debuginfo-12.12-150200.8.35.1 postgresql12-debugsource-12.12-150200.8.35.1 postgresql12-devel-12.12-150200.8.35.1 postgresql12-devel-debuginfo-12.12-150200.8.35.1 postgresql12-plperl-12.12-150200.8.35.1 postgresql12-plperl-debuginfo-12.12-150200.8.35.1 postgresql12-plpython-12.12-150200.8.35.1 postgresql12-plpython-debuginfo-12.12-150200.8.35.1 postgresql12-pltcl-12.12-150200.8.35.1 postgresql12-pltcl-debuginfo-12.12-150200.8.35.1 postgresql12-server-12.12-150200.8.35.1 postgresql12-server-debuginfo-12.12-150200.8.35.1 postgresql12-server-devel-12.12-150200.8.35.1 postgresql12-server-devel-debuginfo-12.12-150200.8.35.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): postgresql12-docs-12.12-150200.8.35.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): postgresql12-12.12-150200.8.35.1 postgresql12-contrib-12.12-150200.8.35.1 postgresql12-contrib-debuginfo-12.12-150200.8.35.1 postgresql12-debuginfo-12.12-150200.8.35.1 postgresql12-debugsource-12.12-150200.8.35.1 postgresql12-devel-12.12-150200.8.35.1 postgresql12-devel-debuginfo-12.12-150200.8.35.1 postgresql12-plperl-12.12-150200.8.35.1 postgresql12-plperl-debuginfo-12.12-150200.8.35.1 postgresql12-plpython-12.12-150200.8.35.1 postgresql12-plpython-debuginfo-12.12-150200.8.35.1 postgresql12-pltcl-12.12-150200.8.35.1 postgresql12-pltcl-debuginfo-12.12-150200.8.35.1 postgresql12-server-12.12-150200.8.35.1 postgresql12-server-debuginfo-12.12-150200.8.35.1 postgresql12-server-devel-12.12-150200.8.35.1 postgresql12-server-devel-debuginfo-12.12-150200.8.35.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): postgresql12-docs-12.12-150200.8.35.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql12-llvmjit-12.12-150200.8.35.1 postgresql12-llvmjit-debuginfo-12.12-150200.8.35.1 postgresql12-test-12.12-150200.8.35.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql12-12.12-150200.8.35.1 postgresql12-contrib-12.12-150200.8.35.1 postgresql12-contrib-debuginfo-12.12-150200.8.35.1 postgresql12-debuginfo-12.12-150200.8.35.1 postgresql12-debugsource-12.12-150200.8.35.1 postgresql12-devel-12.12-150200.8.35.1 postgresql12-devel-debuginfo-12.12-150200.8.35.1 postgresql12-plperl-12.12-150200.8.35.1 postgresql12-plperl-debuginfo-12.12-150200.8.35.1 postgresql12-plpython-12.12-150200.8.35.1 postgresql12-plpython-debuginfo-12.12-150200.8.35.1 postgresql12-pltcl-12.12-150200.8.35.1 postgresql12-pltcl-debuginfo-12.12-150200.8.35.1 postgresql12-server-12.12-150200.8.35.1 postgresql12-server-debuginfo-12.12-150200.8.35.1 postgresql12-server-devel-12.12-150200.8.35.1 postgresql12-server-devel-debuginfo-12.12-150200.8.35.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (noarch): postgresql12-docs-12.12-150200.8.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): postgresql12-12.12-150200.8.35.1 postgresql12-contrib-12.12-150200.8.35.1 postgresql12-contrib-debuginfo-12.12-150200.8.35.1 postgresql12-debuginfo-12.12-150200.8.35.1 postgresql12-debugsource-12.12-150200.8.35.1 postgresql12-devel-12.12-150200.8.35.1 postgresql12-devel-debuginfo-12.12-150200.8.35.1 postgresql12-plperl-12.12-150200.8.35.1 postgresql12-plperl-debuginfo-12.12-150200.8.35.1 postgresql12-plpython-12.12-150200.8.35.1 postgresql12-plpython-debuginfo-12.12-150200.8.35.1 postgresql12-pltcl-12.12-150200.8.35.1 postgresql12-pltcl-debuginfo-12.12-150200.8.35.1 postgresql12-server-12.12-150200.8.35.1 postgresql12-server-debuginfo-12.12-150200.8.35.1 postgresql12-server-devel-12.12-150200.8.35.1 postgresql12-server-devel-debuginfo-12.12-150200.8.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): postgresql12-docs-12.12-150200.8.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): postgresql12-12.12-150200.8.35.1 postgresql12-contrib-12.12-150200.8.35.1 postgresql12-contrib-debuginfo-12.12-150200.8.35.1 postgresql12-debuginfo-12.12-150200.8.35.1 postgresql12-debugsource-12.12-150200.8.35.1 postgresql12-devel-12.12-150200.8.35.1 postgresql12-devel-debuginfo-12.12-150200.8.35.1 postgresql12-plperl-12.12-150200.8.35.1 postgresql12-plperl-debuginfo-12.12-150200.8.35.1 postgresql12-plpython-12.12-150200.8.35.1 postgresql12-plpython-debuginfo-12.12-150200.8.35.1 postgresql12-pltcl-12.12-150200.8.35.1 postgresql12-pltcl-debuginfo-12.12-150200.8.35.1 postgresql12-server-12.12-150200.8.35.1 postgresql12-server-debuginfo-12.12-150200.8.35.1 postgresql12-server-devel-12.12-150200.8.35.1 postgresql12-server-devel-debuginfo-12.12-150200.8.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): postgresql12-docs-12.12-150200.8.35.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): postgresql12-12.12-150200.8.35.1 postgresql12-contrib-12.12-150200.8.35.1 postgresql12-contrib-debuginfo-12.12-150200.8.35.1 postgresql12-debuginfo-12.12-150200.8.35.1 postgresql12-debugsource-12.12-150200.8.35.1 postgresql12-devel-12.12-150200.8.35.1 postgresql12-devel-debuginfo-12.12-150200.8.35.1 postgresql12-plperl-12.12-150200.8.35.1 postgresql12-plperl-debuginfo-12.12-150200.8.35.1 postgresql12-plpython-12.12-150200.8.35.1 postgresql12-plpython-debuginfo-12.12-150200.8.35.1 postgresql12-pltcl-12.12-150200.8.35.1 postgresql12-pltcl-debuginfo-12.12-150200.8.35.1 postgresql12-server-12.12-150200.8.35.1 postgresql12-server-debuginfo-12.12-150200.8.35.1 postgresql12-server-devel-12.12-150200.8.35.1 postgresql12-server-devel-debuginfo-12.12-150200.8.35.1 - SUSE Enterprise Storage 7 (noarch): postgresql12-docs-12.12-150200.8.35.1 References: https://www.suse.com/security/cve/CVE-2022-2625.html https://bugzilla.suse.com/1198166 https://bugzilla.suse.com/1202368 . SUSE Security Patch for postgresql12 resolves significant vulnerabilities with guidelines for updating affected installations.. SUSE Security Update, PostgreSQL Fix, Exploit Prevention, Patch Instructions. . Severity: Important. LinuxSecurity.com Team
Sep 01, 2022
•Important
SuSE
100
security advisoryupdatevulnerabilitySUSE: 2022:1869-1 Important: PostgreSQL12 Critical Security Fix
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1869-1 Rating: important References: #1199475 Cross-References: CVE-2022-1552 CVSS scores: CVE-2022-1552 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql12 fixes the following issues: - CVE-2022-1552: Confine additional operations within "security restricted operation" sandboxes (bsc#1199475). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1869=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1869=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql12-debugsource-12.11-3.27.3 postgresql12-devel-12.11-3.27.3 postgresql12-devel-debuginfo-12.11-3.27.3 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): postgresql12-server-devel-12.11-3.27.3 postgresql12-server-devel-debuginfo-12.11-3.27.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql12-12.11-3.27.3 postgresql12-contrib-12.11-3.27.3 postgresql12-contrib-debuginfo-12.11-3.27.3 postgresql12-debuginfo-12.11-3.27.3 postgresql12-debugsource-12.11-3.27.3 postgresql12-plperl-12.11-3.27.3 postgresql12-plperl-debuginfo-12.11-3.27.3 postgresql12-plpython-12.11-3.27.3 postgresql12-plpython-debuginfo-12.11-3.27.3 postgresql12-pltcl-12.11-3.27.3 postgresql12-pltcl-debuginfo-12.11-3.27.3 postgresql12-server-12.11-3.27.3 postgresql12-server-debuginfo-12.11-3.27.3 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql12-docs-12.11-3.27.3 References: https://www.suse.com/security/cve/CVE-2022-1552.html https://bugzilla.suse.com/1199475 . SUSE issues patch for postgresql12 tackling the security vulnerability CVE-2022-1552, providing crucial fixes and guidelines.. postgresql Update, SUSE Security, Software Patch, System Vulnerability. . Severity: Important. LinuxSecurity.com Team
May 27, 2022
•Important
SuSE
202
security advisorymoderate threatmemory disclosureopenSUSE 15.3: 2021:3256-1 Moderate: Memory Disclosure in PostgreSQL12
An update that solves one vulnerability and has three fixes is now available. . openSUSE Security Update: Security update for postgresql12 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:3256-1 Rating: moderate References: #1179945 #1185952 #1187751 #1189748 Cross-References: CVE-2021-3677 CVSS scores: CVE-2021-3677 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for postgresql12 fixes the following issues: - CVE-2021-3677: Fixed memory disclosure in certain queries (bsc#1189748). - Fixed build with llvm12 on s390x (bsc#1185952). - Re-enabled icu for PostgreSQL 10 (bsc#1179945). - Made the dependency of postgresqlXX-server-devel on llvm and clang optional (bsc#1187751). - llvm12 breaks PostgreSQL 11 and 12 on s390x. Use llvm11 as a workaround (bsc#1185952). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-3256=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): postgresql12-12.8-8.23.2 postgresql12-contrib-12.8-8.23.2 postgresql12-contrib-debuginfo-12.8-8.23.2 postgresql12-debuginfo-12.8-8.23.2 postgresql12-debugsource-12.8-8.23.2 postgresql12-devel-12.8-8.23.2 postgresql12-devel-debuginfo-12.8-8.23.2 postgresql12-llvmjit-12.8-8.23.2 postgresql12-llvmjit-debuginfo-12.8-8.23.2 postgresql12-plperl-12.8-8.23.2 postgresql12-plperl-debuginfo-12.8-8.23.2 postgresql12-plpython-12.8-8.23.2 postgresql12-plpython-debuginfo-12.8-8.23.2 postgresql12-pltcl-12.8-8.23.2 postgresql12-pltcl-debuginfo-12.8-8.23.2 postgresql12-server-12.8-8.23.2 postgresql12-server-debuginfo-12.8-8.23.2 postgresql12-server-devel-12.8-8.23.2 postgresql12-server-devel-debuginfo-12.8-8.23.2 postgresql12-test-12.8-8.23.2 - openSUSE Leap 15.3 (noarch): postgresql12-docs-12.8-8.23.2 References: https://www.suse.com/security/cve/CVE-2021-3677.html https://bugzilla.suse.com/1179945 https://bugzilla.suse.com/1185952 https://bugzilla.suse.com/1187751 https://bugzilla.suse.com/1189748 . This patch addresses a vulnerability related to memory exposure in postgresql12 while also providing enhancements for users on openSUSE.. openSUSE Security, postgresql12 update, memory disclosure fix. . LinuxSecurity.com Team
Sep 29, 2021
OpenSUSE
100
security advisorymoderateupdateSUSE Linux Enterprise 15-SP2: 2021:3256-1 Moderate: Memory Disclosure Fix
An update that solves one vulnerability and has three fixes is now available. . SUSE Security Update: Security update for postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3256-1 Rating: moderate References: #1179945 #1185952 #1187751 #1189748 Cross-References: CVE-2021-3677 CVSS scores: CVE-2021-3677 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for postgresql12 fixes the following issues: - CVE-2021-3677: Fixed memory disclosure in certain queries (bsc#1189748). - Fixed build with llvm12 on s390x (bsc#1185952). - Re-enabled icu for PostgreSQL 10 (bsc#1179945). - Made the dependency of postgresqlXX-server-devel on llvm and clang optional (bsc#1187751). - llvm12 breaks PostgreSQL 11 and 12 on s390x. Use llvm11 as a workaround (bsc#1185952). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3256=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-3256=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3256=1 Package List: - SUSE Linux Enterprise Module forServer Applications 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql12-contrib-12.8-8.23.2 postgresql12-contrib-debuginfo-12.8-8.23.2 postgresql12-debuginfo-12.8-8.23.2 postgresql12-debugsource-12.8-8.23.2 postgresql12-devel-12.8-8.23.2 postgresql12-devel-debuginfo-12.8-8.23.2 postgresql12-plperl-12.8-8.23.2 postgresql12-plperl-debuginfo-12.8-8.23.2 postgresql12-plpython-12.8-8.23.2 postgresql12-plpython-debuginfo-12.8-8.23.2 postgresql12-pltcl-12.8-8.23.2 postgresql12-pltcl-debuginfo-12.8-8.23.2 postgresql12-server-12.8-8.23.2 postgresql12-server-debuginfo-12.8-8.23.2 postgresql12-server-devel-12.8-8.23.2 postgresql12-server-devel-debuginfo-12.8-8.23.2 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): postgresql12-docs-12.8-8.23.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql12-12.8-8.23.2 postgresql12-contrib-12.8-8.23.2 postgresql12-contrib-debuginfo-12.8-8.23.2 postgresql12-debuginfo-12.8-8.23.2 postgresql12-debugsource-12.8-8.23.2 postgresql12-devel-12.8-8.23.2 postgresql12-devel-debuginfo-12.8-8.23.2 postgresql12-plperl-12.8-8.23.2 postgresql12-plperl-debuginfo-12.8-8.23.2 postgresql12-plpython-12.8-8.23.2 postgresql12-plpython-debuginfo-12.8-8.23.2 postgresql12-pltcl-12.8-8.23.2 postgresql12-pltcl-debuginfo-12.8-8.23.2 postgresql12-server-12.8-8.23.2 postgresql12-server-debuginfo-12.8-8.23.2 postgresql12-server-devel-12.8-8.23.2 postgresql12-server-devel-debuginfo-12.8-8.23.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (noarch): postgresql12-docs-12.8-8.23.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql12-12.8-8.23.2 postgresql12-debuginfo-12.8-8.23.2 postgresql12-debugsource-12.8-8.23.2 References: https://www.suse.com/security/cve/CVE-2021-3677.html https://bugzilla.suse.com/1179945 https://bugzilla.suse.com/1185952 https://bugzilla.suse.com/1187751 https://bugzilla.suse.com/1189748 . Eradicating CVE-2022-5094, this Red Hat patch for mysql80 incorporates vital improvements and adjustments for enhanced protection.. postgresql updates,suse patch instructions,security fixes,memory disclosure,moderate threat level. . LinuxSecurity.com Team
Sep 29, 2021
SuSE
100
security advisorymoderateupdateSUSE 15-SP2 Security Advisory SUSE-SU-2021:1994-1 PostgreSQL 12 Fixes
An update that solves three vulnerabilities and has three fixes is now available. . SUSE Security Update: Security update for postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1994-1 Rating: moderate References: #1179945 #1183118 #1183168 #1185924 #1185925 #1185926 Cross-References: CVE-2021-32027 CVE-2021-32028 CVE-2021-32029 CVSS scores: CVE-2021-32027 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-32027 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2021-32028 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-32029 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. Description: This update for postgresql12 fixes the following issues: Upgrade to version 12.7: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924). - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925). - CVE-2021-32029: Fixed possibly-incorrect computation of UPDATE ... RETURNING outputs for joined cross-partition updates (bsc#1185926). - Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168). - Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered onPackageHub for now (bsc#1183118). - Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1994=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-1994=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1994=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql12-contrib-12.7-8.20.1 postgresql12-contrib-debuginfo-12.7-8.20.1 postgresql12-debuginfo-12.7-8.20.1 postgresql12-debugsource-12.7-8.20.1 postgresql12-devel-12.7-8.20.1 postgresql12-devel-debuginfo-12.7-8.20.1 postgresql12-plperl-12.7-8.20.1 postgresql12-plperl-debuginfo-12.7-8.20.1 postgresql12-plpython-12.7-8.20.1 postgresql12-plpython-debuginfo-12.7-8.20.1 postgresql12-pltcl-12.7-8.20.1 postgresql12-pltcl-debuginfo-12.7-8.20.1 postgresql12-server-12.7-8.20.1 postgresql12-server-debuginfo-12.7-8.20.1 postgresql12-server-devel-12.7-8.20.1 postgresql12-server-devel-debuginfo-12.7-8.20.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): postgresql12-docs-12.7-8.20.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql12-12.7-8.20.1 postgresql12-contrib-12.7-8.20.1 postgresql12-contrib-debuginfo-12.7-8.20.1 postgresql12-debuginfo-12.7-8.20.1 postgresql12-debugsource-12.7-8.20.1 postgresql12-devel-12.7-8.20.1 postgresql12-devel-debuginfo-12.7-8.20.1 postgresql12-plperl-12.7-8.20.1 postgresql12-plperl-debuginfo-12.7-8.20.1 postgresql12-plpython-12.7-8.20.1 postgresql12-plpython-debuginfo-12.7-8.20.1 postgresql12-pltcl-12.7-8.20.1 postgresql12-pltcl-debuginfo-12.7-8.20.1 postgresql12-server-12.7-8.20.1 postgresql12-server-debuginfo-12.7-8.20.1 postgresql12-server-devel-12.7-8.20.1 postgresql12-server-devel-debuginfo-12.7-8.20.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (noarch): postgresql12-docs-12.7-8.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql12-12.7-8.20.1 postgresql12-debuginfo-12.7-8.20.1 postgresql12-debugsource-12.7-8.20.1 References: https://www.suse.com/security/cve/CVE-2021-32027.html https://www.suse.com/security/cve/CVE-2021-32028.html https://www.suse.com/security/cve/CVE-2021-32029.html https://bugzilla.suse.com/1179945 https://bugzilla.suse.com/1183118 https://bugzilla.suse.com/1183168 https://bugzilla.suse.com/1185924 https://bugzilla.suse.com/1185925 https://bugzilla.suse.com/1185926 . Red Hat Security Patch addresses multiple concerns in postgresql14, offering solutions for significant flaws to enhance safety measures.. PostgreSQL Update, Software Security Patch, SUSE Linux Enterprise. . LinuxSecurity.com Team
Jun 17, 2021
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!