Test ID: 1.3.6.1.4.1.25623.1.0.856738
Category: openSUSE Local Security Checks
Title: openSUSE Security Advisory (SUSE-SU-2024:4063-1)
Summary: The remote host is missing an update for the 'postgresql, postgresql16, postgresql17' package(s) announced via the SUSE-SU-2024:4063-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'postgresql, postgresql16, postgresql17' package(s) announced via the SUSE-SU-2024:4063-1 advisory.

Vulnerability Insight:
This update for postgresql, postgresql16, postgresql17 fixes the following issues:

This update ships postgresql17, and fixes security issues with postgresql16:

- bsc#1230423: Relax the dependency of extensions on the server
version from exact major.minor to greater or equal, after Tom
Lane confirmed on the PostgreSQL packagers list that ABI
stability is being taken care of between minor releases.

- bsc#1219340: The last fix was not correct. Improve it by removing
the dependency again and call fillup only if it is installed.

postgresql16 was updated to 16.6:
* Repair ABI break for extensions that work with struct
ResultRelInfo.
* Restore functionality of ALTER {ROLE|DATABASE} SET role.
* Fix cases where a logical replication slot's restart_lsn could
go backwards.
* Avoid deleting still-needed WAL files during pg_rewind.
* Fix race conditions associated with dropping shared statistics
entries.
* Count index scans in contrib/bloom indexes in the statistics
views, such as the pg_stat_user_indexes.idx_scan counter.
* Fix crash when checking to see if an index's opclass options
have changed.
* Avoid assertion failure caused by disconnected NFA sub-graphs
in regular expression parsing.

postgresql16 was updated to 16.5:

* CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as
dependent on the calling role when RLS applies to a
non-top-level table reference.
* CVE-2024-10977, bsc#1233325: Make libpq discard error messages
received during SSL or GSS protocol negotiation.
* CVE-2024-10978, bsc#1233326: Fix unintended interactions
between SET SESSION AUTHORIZATION and SET ROLE.
* CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from
changing environment variables.

- Don't build the libs and mini flavor anymore to hand over to
PostgreSQL 17.

postgresql17 is shipped in version 17.2:

* CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as
dependent on the calling role when RLS applies to a
non-top-level table reference.
* CVE-2024-10977, bsc#1233325: Make libpq discard error messages
received during SSL or GSS protocol negotiation.
* CVE-2024-10978, bsc#1233326: Fix unintended interactions
between SET SESSION AUTHORIZATION and SET ROLE.
* CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from
changing environment variables.

Upgrade to 17.2:

* Repair ABI break for extensions that work with struct
ResultRelInfo.
* Restore functionality of ALTER {ROLE|DATABASE} SET role.
* Fix cases where a logical replication slot's restart_lsn could
go backwards.
* Avoid deleting still-needed WAL files during pg_rewind.
* Fix race conditions associated with dropping shared statistics
entries.
* Count index scans in contrib/bloom indexes in the statistics
views, such as the pg_stat_user_indexes.idx_scan ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'postgresql, postgresql16, postgresql17' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2024-10976
Common Vulnerability Exposure (CVE) ID: CVE-2024-10977
Common Vulnerability Exposure (CVE) ID: CVE-2024-10978
Common Vulnerability Exposure (CVE) ID: CVE-2024-10979
Copyright: Copyright (C) 2024 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.