postgresql14-14.11-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13670-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z postgresql14-14.11-1.1 on GA media These are all security issues fixed in the postgresql14-14.11-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13670 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-0985/ SUSE CVE CVE-2024-0985 page openSUSE Tumbleweed postgresql14-14.11-1.1 postgresql14-contrib-14.11-1.1 postgresql14-devel-14.11-1.1 postgresql14-docs-14.11-1.1 postgresql14-llvmjit-14.11-1.1 postgresql14-llvmjit-devel-14.11-1.1 postgresql14-plperl-14.11-1.1 postgresql14-plpython-14.11-1.1 postgresql14-pltcl-14.11-1.1 postgresql14-server-14.11-1.1 postgresql14-server-devel-14.11-1.1 postgresql14-test-14.11-1.1 postgresql14-14.11-1.1 as a component of openSUSE Tumbleweed postgresql14-contrib-14.11-1.1 as a component of openSUSE Tumbleweed postgresql14-devel-14.11-1.1 as a component of openSUSE Tumbleweed postgresql14-docs-14.11-1.1 as a component of openSUSE Tumbleweed postgresql14-llvmjit-14.11-1.1 as a component of openSUSE Tumbleweed postgresql14-llvmjit-devel-14.11-1.1 as a component of openSUSE Tumbleweed postgresql14-plperl-14.11-1.1 as a component of openSUSE Tumbleweed postgresql14-plpython-14.11-1.1 as a component of openSUSE Tumbleweed postgresql14-pltcl-14.11-1.1 as a component of openSUSE Tumbleweed postgresql14-server-14.11-1.1 as a component of openSUSE Tumbleweed postgresql14-server-devel-14.11-1.1 as a component of openSUSE Tumbleweed postgresql14-test-14.11-1.1 as a component of openSUSE Tumbleweed Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected. CVE-2024-0985 openSUSE Tumbleweed:postgresql14-14.11-1.1 openSUSE Tumbleweed:postgresql14-contrib-14.11-1.1 openSUSE Tumbleweed:postgresql14-devel-14.11-1.1 openSUSE Tumbleweed:postgresql14-docs-14.11-1.1 openSUSE Tumbleweed:postgresql14-llvmjit-14.11-1.1 openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.11-1.1 openSUSE Tumbleweed:postgresql14-plperl-14.11-1.1 openSUSE Tumbleweed:postgresql14-plpython-14.11-1.1 openSUSE Tumbleweed:postgresql14-pltcl-14.11-1.1 openSUSE Tumbleweed:postgresql14-server-14.11-1.1 openSUSE Tumbleweed:postgresql14-server-devel-14.11-1.1 openSUSE Tumbleweed:postgresql14-test-14.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-0985.html CVE-2024-0985 https://bugzilla.suse.com/1219679 SUSE Bug 1219679