Main Vulnerability Database SB2024051526

SB2024051526 - SUSE update for postgresql16

Published: May 15, 2024

Security Bulletin ID SB2024051526

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Missing Authorization (CVE-ID: CVE-2024-4317)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs. A remote user can read most common values and other statistics from CREATE STATISTICS commands of other users.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2024/suse-su-20241652-1/

Vulnerable Software

SUSE Linux Enterprise Desktop 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
SUSE Linux Enterprise Real Time 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Micro: 5.5
Basesystem Module: 15-SP5
Server Applications Module: 15-SP5
SUSE Package Hub 15: 15-SP5
openSUSE Leap: 15.5
postgresql16-llvmjit-devel: before 16.3-150200.5.13.1
libpq5-debuginfo: before 16.3-150200.5.13.1
postgresql16-devel-mini: before 16.3-150200.5.13.1
libpq5: before 16.3-150200.5.13.1
postgresql16-llvmjit: before 16.3-150200.5.13.1
postgresql16-debuginfo: before 16.3-150200.5.13.1
postgresql16-debugsource: before 16.3-150200.5.13.1
postgresql16: before 16.3-150200.5.13.1
postgresql16-server-devel-debuginfo: before 16.3-150200.5.13.1
postgresql16-contrib: before 16.3-150200.5.13.1
postgresql16-plperl: before 16.3-150200.5.13.1
postgresql16-plpython: before 16.3-150200.5.13.1
libpq5-32bit: before 16.3-150200.5.13.1
libpq5-32bit-debuginfo: before 16.3-150200.5.13.1
libecpg6-32bit: before 16.3-150200.5.13.1
libecpg6-32bit-debuginfo: before 16.3-150200.5.13.1
postgresql16-docs: before 16.3-150200.5.13.1
postgresql16-pltcl-debuginfo: before 16.3-150200.5.13.1
postgresql16-pltcl: before 16.3-150200.5.13.1
postgresql16-devel: before 16.3-150200.5.13.1
libecpg6-debuginfo: before 16.3-150200.5.13.1
postgresql16-server-debuginfo: before 16.3-150200.5.13.1
postgresql16-mini-debugsource: before 16.3-150200.5.13.1
postgresql16-contrib-debuginfo: before 16.3-150200.5.13.1
postgresql16-server: before 16.3-150200.5.13.1
postgresql16-plperl-debuginfo: before 16.3-150200.5.13.1
postgresql16-llvmjit-debuginfo: before 16.3-150200.5.13.1
libecpg6: before 16.3-150200.5.13.1
postgresql16-test: before 16.3-150200.5.13.1
postgresql16-devel-mini-debuginfo: before 16.3-150200.5.13.1
postgresql16-plpython-debuginfo: before 16.3-150200.5.13.1
postgresql16-server-devel: before 16.3-150200.5.13.1
postgresql16-devel-debuginfo: before 16.3-150200.5.13.1

SB2024051526 - SUSE update for postgresql16

Breakdown by Severity

Description

Remediation

References

Please verify you're human