postgresql-jdbc-42.7.2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13734 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z postgresql-jdbc-42.7.2-1.1 on GA media These are all security issues fixed in the postgresql-jdbc-42.7.2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13734 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13734 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-1597/ SUSE CVE CVE-2024-1597 page openSUSE Tumbleweed postgresql-jdbc-42.7.2-1.1 postgresql-jdbc-javadoc-42.7.2-1.1 postgresql-jdbc-42.7.2-1.1 as a component of openSUSE Tumbleweed postgresql-jdbc-javadoc-42.7.2-1.1 as a component of openSUSE Tumbleweed pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected. CVE-2024-1597 openSUSE Tumbleweed:postgresql-jdbc-42.7.2-1.1 openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-1597.html CVE-2024-1597 https://bugzilla.suse.com/1220644 SUSE Bug 1220644