libecpg6-15.4-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13134 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libecpg6-15.4-1.1 on GA media These are all security issues fixed in the libecpg6-15.4-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13134 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13134 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-39417/ SUSE CVE CVE-2023-39417 page https://www.suse.com/security/cve/CVE-2023-39418/ SUSE CVE CVE-2023-39418 page openSUSE Tumbleweed libecpg6-15.4-1.1 libecpg6-32bit-15.4-1.1 libpq5-15.4-1.1 libpq5-32bit-15.4-1.1 postgresql15-15.4-1.1 postgresql15-contrib-15.4-1.1 postgresql15-devel-15.4-1.1 postgresql15-docs-15.4-1.1 postgresql15-llvmjit-15.4-1.1 postgresql15-llvmjit-devel-15.4-1.1 postgresql15-plperl-15.4-1.1 postgresql15-plpython-15.4-1.1 postgresql15-pltcl-15.4-1.1 postgresql15-server-15.4-1.1 postgresql15-server-devel-15.4-1.1 postgresql15-test-15.4-1.1 libecpg6-15.4-1.1 as a component of openSUSE Tumbleweed libecpg6-32bit-15.4-1.1 as a component of openSUSE Tumbleweed libpq5-15.4-1.1 as a component of openSUSE Tumbleweed libpq5-32bit-15.4-1.1 as a component of openSUSE Tumbleweed postgresql15-15.4-1.1 as a component of openSUSE Tumbleweed postgresql15-contrib-15.4-1.1 as a component of openSUSE Tumbleweed postgresql15-devel-15.4-1.1 as a component of openSUSE Tumbleweed postgresql15-docs-15.4-1.1 as a component of openSUSE Tumbleweed postgresql15-llvmjit-15.4-1.1 as a component of openSUSE Tumbleweed postgresql15-llvmjit-devel-15.4-1.1 as a component of openSUSE Tumbleweed postgresql15-plperl-15.4-1.1 as a component of openSUSE Tumbleweed postgresql15-plpython-15.4-1.1 as a component of openSUSE Tumbleweed postgresql15-pltcl-15.4-1.1 as a component of openSUSE Tumbleweed postgresql15-server-15.4-1.1 as a component of openSUSE Tumbleweed postgresql15-server-devel-15.4-1.1 as a component of openSUSE Tumbleweed postgresql15-test-15.4-1.1 as a component of openSUSE Tumbleweed IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. CVE-2023-39417 openSUSE Tumbleweed:libecpg6-15.4-1.1 openSUSE Tumbleweed:libecpg6-32bit-15.4-1.1 openSUSE Tumbleweed:libpq5-15.4-1.1 openSUSE Tumbleweed:libpq5-32bit-15.4-1.1 openSUSE Tumbleweed:postgresql15-15.4-1.1 openSUSE Tumbleweed:postgresql15-contrib-15.4-1.1 openSUSE Tumbleweed:postgresql15-devel-15.4-1.1 openSUSE Tumbleweed:postgresql15-docs-15.4-1.1 openSUSE Tumbleweed:postgresql15-llvmjit-15.4-1.1 openSUSE Tumbleweed:postgresql15-llvmjit-devel-15.4-1.1 openSUSE Tumbleweed:postgresql15-plperl-15.4-1.1 openSUSE Tumbleweed:postgresql15-plpython-15.4-1.1 openSUSE Tumbleweed:postgresql15-pltcl-15.4-1.1 openSUSE Tumbleweed:postgresql15-server-15.4-1.1 openSUSE Tumbleweed:postgresql15-server-devel-15.4-1.1 openSUSE Tumbleweed:postgresql15-test-15.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-39417.html CVE-2023-39417 https://bugzilla.suse.com/1214059 SUSE Bug 1214059 A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows. CVE-2023-39418 openSUSE Tumbleweed:libecpg6-15.4-1.1 openSUSE Tumbleweed:libecpg6-32bit-15.4-1.1 openSUSE Tumbleweed:libpq5-15.4-1.1 openSUSE Tumbleweed:libpq5-32bit-15.4-1.1 openSUSE Tumbleweed:postgresql15-15.4-1.1 openSUSE Tumbleweed:postgresql15-contrib-15.4-1.1 openSUSE Tumbleweed:postgresql15-devel-15.4-1.1 openSUSE Tumbleweed:postgresql15-docs-15.4-1.1 openSUSE Tumbleweed:postgresql15-llvmjit-15.4-1.1 openSUSE Tumbleweed:postgresql15-llvmjit-devel-15.4-1.1 openSUSE Tumbleweed:postgresql15-plperl-15.4-1.1 openSUSE Tumbleweed:postgresql15-plpython-15.4-1.1 openSUSE Tumbleweed:postgresql15-pltcl-15.4-1.1 openSUSE Tumbleweed:postgresql15-server-15.4-1.1 openSUSE Tumbleweed:postgresql15-server-devel-15.4-1.1 openSUSE Tumbleweed:postgresql15-test-15.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-39418.html CVE-2023-39418 https://bugzilla.suse.com/1214061 SUSE Bug 1214061