Test ID: 1.3.6.1.4.1.25623.1.1.4.2020.2149.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2020:2149-1)
Summary: The remote host is missing an update for the 'postgresql10 and postgresql12' package(s) announced via the SUSE-SU-2020:2149-1 advisory.
Description:

Vulnerability Insight:
This update for postgresql10 and postgresql12 fixes the following issues:

postgresql10 was updated to 10.13 (bsc#1171924).

[links moved to references]

postgresql10 was updated to 10.12 (CVE-2020-1720, bsc#1163985)

- [links moved to references]

postgresql10 was updated to 10.11:

- [links moved to references]


postgresql12 was updated to 12.3 (bsc#1171924).

Bug Fixes and Improvements:

- Several fixes for GENERATED columns, including an issue where it was possible to crash or corrupt data in a table when the output of the generated column was the exact copy of a physical column on the table, e.g. if the expression called a function which could return its own input.
- Several fixes for ALTER TABLE, including ensuring the SET STORAGE directive is propagated to a table's indexes.
- Fix a potential race condition when using DROP OWNED BY while another session is deleting the same objects.
- Allow for a partition to be detached when it has inherited ROW triggers.
- Several fixes for REINDEX CONCURRENTLY, particularly with issues when a REINDEX CONCURRENTLY operation fails.
- Fix crash when COLLATE is applied to an uncollatable type in a partition bound expression.
- Fix performance regression in floating point overflow/underflow detection.
- Several fixes for full text search, particularly with phrase searching.
- Fix query-lifespan memory leak for a set-returning function used in a query's FROM clause.
- Several reporting fixes for the output of VACUUM VERBOSE.
- Allow input of type circle to accept the format (x,y),r, which is specified in the documentation.
- Allow for the get_bit() and set_bit() functions to not fail on bytea strings longer than 256MB.
- Avoid premature recycling of WAL segments during crash recovery, which could lead to WAL segments being recycled before being archived.
- Avoid attempting to fetch nonexistent WAL files from archive storage during recovery by skipping irrelevant timelines.
- Several fixes for logical replication and replication slots.
- Fix several race conditions in synchronous standby management, including one that occurred when changing the synchronous_standby_names setting.
- Several fixes for GSSAPI support, including a fix for a memory leak that occurred when using GSSAPI encryption.
- Ensure that members of the pg_read_all_stats role can read all statistics views.
- Fix performance regression in information_schema.triggers view.
- Fix memory leak in libpq when using sslmode=verify-full.
- Fix crash in psql when attempting to re-establish a failed connection.
- Allow tab-completion of the filename argument to \gx command in psql.
- Add pg_dump support for ALTER ... DEPENDS ON EXTENSION.
- Several other fixes for pg_dump, which include dumping comments on RLS policies and postponing restore of event triggers until the end.
- Ensure pg_basebackup generates valid tar files.
- pg_checksums skips tablespace subdirectories that ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'postgresql10 and postgresql12' package(s) on SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server for SAP Applications 15.

Solution:
Please install the updated package(s).

CVSS Score:
3.5

CVSS Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-1720
https://www.postgresql.org/about/news/2011/
SuSE Security Announcement: openSUSE-SU-2020:1227
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
Copyright: Copyright (C) 2021 Greenbone AG
