SUSE update for postgresql12



Published: 2022-08-31
Risk Medium
Patch available YES
Number of vulnerabilities 8
CVE-ID CVE-2021-23214
CVE-2021-23222
CVE-2021-32027
CVE-2021-32028
CVE-2021-32029
CVE-2021-3677
CVE-2022-1552
CVE-2022-2625
CWE-ID CWE-311
CWE-190
CWE-401
CWE-264
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		SUSE Linux Enterprise Server for SAP
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing
Operating systems & Components / Operating system

SUSE Enterprise Storage
Operating systems & Components / Operating system

SUSE CaaS Platform
Operating systems & Components / Operating system

SUSE Linux Enterprise Server
Operating systems & Components / Operating system

postgresql12-docs
Operating systems & Components / Operating system package or component

libpq5-32bit-debuginfo
Operating systems & Components / Operating system package or component

libpq5-32bit
Operating systems & Components / Operating system package or component

postgresql12-server-devel-debuginfo
Operating systems & Components / Operating system package or component

postgresql12-server-devel
Operating systems & Components / Operating system package or component

postgresql12-server-debuginfo
Operating systems & Components / Operating system package or component

postgresql12-server
Operating systems & Components / Operating system package or component

postgresql12-pltcl-debuginfo
Operating systems & Components / Operating system package or component

postgresql12-pltcl
Operating systems & Components / Operating system package or component

postgresql12-plpython-debuginfo
Operating systems & Components / Operating system package or component

postgresql12-plpython
Operating systems & Components / Operating system package or component

postgresql12-plperl-debuginfo
Operating systems & Components / Operating system package or component

postgresql12-plperl
Operating systems & Components / Operating system package or component

postgresql12-devel-debuginfo
Operating systems & Components / Operating system package or component

postgresql12-devel
Operating systems & Components / Operating system package or component

postgresql12-debugsource
Operating systems & Components / Operating system package or component

postgresql12-debuginfo
Operating systems & Components / Operating system package or component

postgresql12-contrib-debuginfo
Operating systems & Components / Operating system package or component

postgresql12-contrib
Operating systems & Components / Operating system package or component

postgresql12
Operating systems & Components / Operating system package or component

libpq5-debuginfo
Operating systems & Components / Operating system package or component

libpq5
Operating systems & Components / Operating system package or component

libecpg6-debuginfo
Operating systems & Components / Operating system package or component

libecpg6
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Missing Encryption of Sensitive Data

EUVDB-ID: #VU58113

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23214

CWE-ID: CWE-311 - Missing Encryption of Sensitive Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to the way PostgreSQL handles encrypted connections. When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.

Mitigation

Update the affected package postgresql12 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 15-SP1

SUSE Linux Enterprise High Performance Computing: 15-SP1-ESPOS - 15-SP1-LTSS

SUSE Enterprise Storage: 6

SUSE CaaS Platform: 4.0

SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS

postgresql12-docs: before 12.12-150100.3.33.1

libpq5-32bit-debuginfo: before 12.12-150100.3.33.1

libpq5-32bit: before 12.12-150100.3.33.1

postgresql12-server-devel-debuginfo: before 12.12-150100.3.33.1

postgresql12-server-devel: before 12.12-150100.3.33.1

postgresql12-server-debuginfo: before 12.12-150100.3.33.1

postgresql12-server: before 12.12-150100.3.33.1

postgresql12-pltcl-debuginfo: before 12.12-150100.3.33.1

postgresql12-pltcl: before 12.12-150100.3.33.1

postgresql12-plpython-debuginfo: before 12.12-150100.3.33.1

postgresql12-plpython: before 12.12-150100.3.33.1

postgresql12-plperl-debuginfo: before 12.12-150100.3.33.1

postgresql12-plperl: before 12.12-150100.3.33.1

postgresql12-devel-debuginfo: before 12.12-150100.3.33.1

postgresql12-devel: before 12.12-150100.3.33.1

postgresql12-debugsource: before 12.12-150100.3.33.1

postgresql12-debuginfo: before 12.12-150100.3.33.1

postgresql12-contrib-debuginfo: before 12.12-150100.3.33.1

postgresql12-contrib: before 12.12-150100.3.33.1

postgresql12: before 12.12-150100.3.33.1

libpq5-debuginfo: before 12.12-150100.3.33.1

libpq5: before 12.12-150100.3.33.1

libecpg6-debuginfo: before 12.12-150100.3.33.1

libecpg6: before 12.12-150100.3.33.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20222958-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Missing Encryption of Sensitive Data

EUVDB-ID: #VU58114

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23222

CWE-ID: CWE-311 - Missing Encryption of Sensitive Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to the way the libpq process in PostgreSQL handles encrypted connections. A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. The attacker can exfiltrate the client's password or other confidential data that might be transmitted early in a session.

Mitigation

Update the affected package postgresql12 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 15-SP1

SUSE Linux Enterprise High Performance Computing: 15-SP1-ESPOS - 15-SP1-LTSS

SUSE Enterprise Storage: 6

SUSE CaaS Platform: 4.0

SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS

postgresql12-docs: before 12.12-150100.3.33.1

libpq5-32bit-debuginfo: before 12.12-150100.3.33.1

libpq5-32bit: before 12.12-150100.3.33.1

postgresql12-server-devel-debuginfo: before 12.12-150100.3.33.1

postgresql12-server-devel: before 12.12-150100.3.33.1

postgresql12-server-debuginfo: before 12.12-150100.3.33.1

postgresql12-server: before 12.12-150100.3.33.1

postgresql12-pltcl-debuginfo: before 12.12-150100.3.33.1

postgresql12-pltcl: before 12.12-150100.3.33.1

postgresql12-plpython-debuginfo: before 12.12-150100.3.33.1

postgresql12-plpython: before 12.12-150100.3.33.1

postgresql12-plperl-debuginfo: before 12.12-150100.3.33.1

postgresql12-plperl: before 12.12-150100.3.33.1

postgresql12-devel-debuginfo: before 12.12-150100.3.33.1

postgresql12-devel: before 12.12-150100.3.33.1

postgresql12-debugsource: before 12.12-150100.3.33.1

postgresql12-debuginfo: before 12.12-150100.3.33.1

postgresql12-contrib-debuginfo: before 12.12-150100.3.33.1

postgresql12-contrib: before 12.12-150100.3.33.1

postgresql12: before 12.12-150100.3.33.1

libpq5-debuginfo: before 12.12-150100.3.33.1

libpq5: before 12.12-150100.3.33.1

libecpg6-debuginfo: before 12.12-150100.3.33.1

libecpg6: before 12.12-150100.3.33.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20222958-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Integer overflow

EUVDB-ID: #VU53231

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-32027

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when processing certain SQL array values during array subscribing calculation. An authenticated database user can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system and can be exploited by a remote unauthenticated attacker via SQL injection vulnerability in the frontend application.

Mitigation

Update the affected package postgresql12 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 15-SP1

SUSE Linux Enterprise High Performance Computing: 15-SP1-ESPOS - 15-SP1-LTSS

SUSE Enterprise Storage: 6

SUSE CaaS Platform: 4.0

SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS

postgresql12-docs: before 12.12-150100.3.33.1

libpq5-32bit-debuginfo: before 12.12-150100.3.33.1

libpq5-32bit: before 12.12-150100.3.33.1

postgresql12-server-devel-debuginfo: before 12.12-150100.3.33.1

postgresql12-server-devel: before 12.12-150100.3.33.1

postgresql12-server-debuginfo: before 12.12-150100.3.33.1

postgresql12-server: before 12.12-150100.3.33.1

postgresql12-pltcl-debuginfo: before 12.12-150100.3.33.1

postgresql12-pltcl: before 12.12-150100.3.33.1

postgresql12-plpython-debuginfo: before 12.12-150100.3.33.1

postgresql12-plpython: before 12.12-150100.3.33.1

postgresql12-plperl-debuginfo: before 12.12-150100.3.33.1

postgresql12-plperl: before 12.12-150100.3.33.1

postgresql12-devel-debuginfo: before 12.12-150100.3.33.1

postgresql12-devel: before 12.12-150100.3.33.1

postgresql12-debugsource: before 12.12-150100.3.33.1

postgresql12-debuginfo: before 12.12-150100.3.33.1

postgresql12-contrib-debuginfo: before 12.12-150100.3.33.1

postgresql12-contrib: before 12.12-150100.3.33.1

postgresql12: before 12.12-150100.3.33.1

libpq5-debuginfo: before 12.12-150100.3.33.1

libpq5: before 12.12-150100.3.33.1

libecpg6-debuginfo: before 12.12-150100.3.33.1

libecpg6: before 12.12-150100.3.33.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20222958-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory leak

EUVDB-ID: #VU53232

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-32028

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due memory leak within the INSERT ... ON CONFLICT ... DO UPDATE command implementation. A remote authenticated database user can execute the affected command to read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will.

Mitigation

Update the affected package postgresql12 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 15-SP1

SUSE Linux Enterprise High Performance Computing: 15-SP1-ESPOS - 15-SP1-LTSS

SUSE Enterprise Storage: 6

SUSE CaaS Platform: 4.0

SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS

postgresql12-docs: before 12.12-150100.3.33.1

libpq5-32bit-debuginfo: before 12.12-150100.3.33.1

libpq5-32bit: before 12.12-150100.3.33.1

postgresql12-server-devel-debuginfo: before 12.12-150100.3.33.1

postgresql12-server-devel: before 12.12-150100.3.33.1

postgresql12-server-debuginfo: before 12.12-150100.3.33.1

postgresql12-server: before 12.12-150100.3.33.1

postgresql12-pltcl-debuginfo: before 12.12-150100.3.33.1

postgresql12-pltcl: before 12.12-150100.3.33.1

postgresql12-plpython-debuginfo: before 12.12-150100.3.33.1

postgresql12-plpython: before 12.12-150100.3.33.1

postgresql12-plperl-debuginfo: before 12.12-150100.3.33.1

postgresql12-plperl: before 12.12-150100.3.33.1

postgresql12-devel-debuginfo: before 12.12-150100.3.33.1

postgresql12-devel: before 12.12-150100.3.33.1

postgresql12-debugsource: before 12.12-150100.3.33.1

postgresql12-debuginfo: before 12.12-150100.3.33.1

postgresql12-contrib-debuginfo: before 12.12-150100.3.33.1

postgresql12-contrib: before 12.12-150100.3.33.1

postgresql12: before 12.12-150100.3.33.1

libpq5-debuginfo: before 12.12-150100.3.33.1

libpq5: before 12.12-150100.3.33.1

libecpg6-debuginfo: before 12.12-150100.3.33.1

libecpg6: before 12.12-150100.3.33.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20222958-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory leak

EUVDB-ID: #VU53233

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-32029

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due memory leak when processing UPDATE ... RETURNING command on a purpose-crafted partitioned table. A remote authenticated user can run the affected command and read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will.

Mitigation

Update the affected package postgresql12 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 15-SP1

SUSE Linux Enterprise High Performance Computing: 15-SP1-ESPOS - 15-SP1-LTSS

SUSE Enterprise Storage: 6

SUSE CaaS Platform: 4.0

SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS

postgresql12-docs: before 12.12-150100.3.33.1

libpq5-32bit-debuginfo: before 12.12-150100.3.33.1

libpq5-32bit: before 12.12-150100.3.33.1

postgresql12-server-devel-debuginfo: before 12.12-150100.3.33.1

postgresql12-server-devel: before 12.12-150100.3.33.1

postgresql12-server-debuginfo: before 12.12-150100.3.33.1

postgresql12-server: before 12.12-150100.3.33.1

postgresql12-pltcl-debuginfo: before 12.12-150100.3.33.1

postgresql12-pltcl: before 12.12-150100.3.33.1

postgresql12-plpython-debuginfo: before 12.12-150100.3.33.1

postgresql12-plpython: before 12.12-150100.3.33.1

postgresql12-plperl-debuginfo: before 12.12-150100.3.33.1

postgresql12-plperl: before 12.12-150100.3.33.1

postgresql12-devel-debuginfo: before 12.12-150100.3.33.1

postgresql12-devel: before 12.12-150100.3.33.1

postgresql12-debugsource: before 12.12-150100.3.33.1

postgresql12-debuginfo: before 12.12-150100.3.33.1

postgresql12-contrib-debuginfo: before 12.12-150100.3.33.1

postgresql12-contrib: before 12.12-150100.3.33.1

postgresql12: before 12.12-150100.3.33.1

libpq5-debuginfo: before 12.12-150100.3.33.1

libpq5: before 12.12-150100.3.33.1

libecpg6-debuginfo: before 12.12-150100.3.33.1

libecpg6: before 12.12-150100.3.33.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20222958-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory leak

EUVDB-ID: #VU59043

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3677

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote user to perform DoS attack or gain access to sensitive information.

The vulnerability exists due memory leak during parallel sort operations. A remote user can force the application to leak memory and perform denial of service attack or read arbitrary memory parts on the system.

Mitigation

Update the affected package postgresql12 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 15-SP1

SUSE Linux Enterprise High Performance Computing: 15-SP1-ESPOS - 15-SP1-LTSS

SUSE Enterprise Storage: 6

SUSE CaaS Platform: 4.0

SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS

postgresql12-docs: before 12.12-150100.3.33.1

libpq5-32bit-debuginfo: before 12.12-150100.3.33.1

libpq5-32bit: before 12.12-150100.3.33.1

postgresql12-server-devel-debuginfo: before 12.12-150100.3.33.1

postgresql12-server-devel: before 12.12-150100.3.33.1

postgresql12-server-debuginfo: before 12.12-150100.3.33.1

postgresql12-server: before 12.12-150100.3.33.1

postgresql12-pltcl-debuginfo: before 12.12-150100.3.33.1

postgresql12-pltcl: before 12.12-150100.3.33.1

postgresql12-plpython-debuginfo: before 12.12-150100.3.33.1

postgresql12-plpython: before 12.12-150100.3.33.1

postgresql12-plperl-debuginfo: before 12.12-150100.3.33.1

postgresql12-plperl: before 12.12-150100.3.33.1

postgresql12-devel-debuginfo: before 12.12-150100.3.33.1

postgresql12-devel: before 12.12-150100.3.33.1

postgresql12-debugsource: before 12.12-150100.3.33.1

postgresql12-debuginfo: before 12.12-150100.3.33.1

postgresql12-contrib-debuginfo: before 12.12-150100.3.33.1

postgresql12-contrib: before 12.12-150100.3.33.1

postgresql12: before 12.12-150100.3.33.1

libpq5-debuginfo: before 12.12-150100.3.33.1

libpq5: before 12.12-150100.3.33.1

libecpg6-debuginfo: before 12.12-150100.3.33.1

libecpg6: before 12.12-150100.3.33.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20222958-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU63126

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1552

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to incorrectly imposed security restrictions in Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck. A remote authenticated user with permission to create non-temp objects can execute arbitrary SQL functions under a superuser identity and escalate privileges within the application.

Mitigation

Update the affected package postgresql12 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 15-SP1

SUSE Linux Enterprise High Performance Computing: 15-SP1-ESPOS - 15-SP1-LTSS

SUSE Enterprise Storage: 6

SUSE CaaS Platform: 4.0

SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS

postgresql12-docs: before 12.12-150100.3.33.1

libpq5-32bit-debuginfo: before 12.12-150100.3.33.1

libpq5-32bit: before 12.12-150100.3.33.1

postgresql12-server-devel-debuginfo: before 12.12-150100.3.33.1

postgresql12-server-devel: before 12.12-150100.3.33.1

postgresql12-server-debuginfo: before 12.12-150100.3.33.1

postgresql12-server: before 12.12-150100.3.33.1

postgresql12-pltcl-debuginfo: before 12.12-150100.3.33.1

postgresql12-pltcl: before 12.12-150100.3.33.1

postgresql12-plpython-debuginfo: before 12.12-150100.3.33.1

postgresql12-plpython: before 12.12-150100.3.33.1

postgresql12-plperl-debuginfo: before 12.12-150100.3.33.1

postgresql12-plperl: before 12.12-150100.3.33.1

postgresql12-devel-debuginfo: before 12.12-150100.3.33.1

postgresql12-devel: before 12.12-150100.3.33.1

postgresql12-debugsource: before 12.12-150100.3.33.1

postgresql12-debuginfo: before 12.12-150100.3.33.1

postgresql12-contrib-debuginfo: before 12.12-150100.3.33.1

postgresql12-contrib: before 12.12-150100.3.33.1

postgresql12: before 12.12-150100.3.33.1

libpq5-debuginfo: before 12.12-150100.3.33.1

libpq5: before 12.12-150100.3.33.1

libecpg6-debuginfo: before 12.12-150100.3.33.1

libecpg6: before 12.12-150100.3.33.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20222958-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU66429

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2625

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges within the database.

The vulnerability exists due to extension scripts can replace objects that do not belong to the extension when using the CREATE OR REPLACE or CREATE IF NOT EXISTS commands. A remote user with (1) permissions to create non-temporary objects in at least one schema, (2) ability to lure or wait for an administrator to create or update an affected extension in that schema, and (3) ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS can run arbitrary code as the victim role.

Mitigation

Update the affected package postgresql12 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 15-SP1

SUSE Linux Enterprise High Performance Computing: 15-SP1-ESPOS - 15-SP1-LTSS

SUSE Enterprise Storage: 6

SUSE CaaS Platform: 4.0

SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS

postgresql12-docs: before 12.12-150100.3.33.1

libpq5-32bit-debuginfo: before 12.12-150100.3.33.1

libpq5-32bit: before 12.12-150100.3.33.1

postgresql12-server-devel-debuginfo: before 12.12-150100.3.33.1

postgresql12-server-devel: before 12.12-150100.3.33.1

postgresql12-server-debuginfo: before 12.12-150100.3.33.1

postgresql12-server: before 12.12-150100.3.33.1

postgresql12-pltcl-debuginfo: before 12.12-150100.3.33.1

postgresql12-pltcl: before 12.12-150100.3.33.1

postgresql12-plpython-debuginfo: before 12.12-150100.3.33.1

postgresql12-plpython: before 12.12-150100.3.33.1

postgresql12-plperl-debuginfo: before 12.12-150100.3.33.1

postgresql12-plperl: before 12.12-150100.3.33.1

postgresql12-devel-debuginfo: before 12.12-150100.3.33.1

postgresql12-devel: before 12.12-150100.3.33.1

postgresql12-debugsource: before 12.12-150100.3.33.1

postgresql12-debuginfo: before 12.12-150100.3.33.1

postgresql12-contrib-debuginfo: before 12.12-150100.3.33.1

postgresql12-contrib: before 12.12-150100.3.33.1

postgresql12: before 12.12-150100.3.33.1

libpq5-debuginfo: before 12.12-150100.3.33.1

libpq5: before 12.12-150100.3.33.1

libecpg6-debuginfo: before 12.12-150100.3.33.1

libecpg6: before 12.12-150100.3.33.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20222958-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###