Security update for postgresql12 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:0544-1 Final 1 1 2021-02-22T12:55:16Z current 2021-02-22T12:55:16Z 2021-02-22T12:55:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for postgresql12 This update for postgresql12 fixes the following issues: Upgrade to version 12.6: - Reindexing might be needed after applying this update. - CVE-2021-3393, bsc#1182040: Fix information leakage in constraint-violation error messages. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/postgres:12-2021-544,Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure-2021-544,Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM-2021-544,Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE-2021-544,SUSE-2021-544,SUSE-SLE-Module-Basesystem-15-SP2-2021-544,SUSE-SLE-Module-Server-Applications-15-SP2-2021-544 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20210544-1/ Link for SUSE-SU-2021:0544-1 https://lists.suse.com/pipermail/sle-security-updates/2021-February/008359.html E-Mail link for SUSE-SU-2021:0544-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1179765 SUSE Bug 1179765 https://bugzilla.suse.com/1182040 SUSE Bug 1182040 https://www.suse.com/security/cve/CVE-2021-3393/ SUSE CVE CVE-2021-3393 page Container suse/postgres:12 Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP2 postgresql12-12.6-8.16.1 postgresql12-server-12.6-8.16.1 postgresql12-contrib-12.6-8.16.1 postgresql12-devel-12.6-8.16.1 postgresql12-docs-12.6-8.16.1 postgresql12-plperl-12.6-8.16.1 postgresql12-plpython-12.6-8.16.1 postgresql12-pltcl-12.6-8.16.1 postgresql12-server-devel-12.6-8.16.1 postgresql12-test-12.6-8.16.1 postgresql12-12.6-8.16.1 as a component of Container suse/postgres:12 postgresql12-server-12.6-8.16.1 as a component of Container suse/postgres:12 postgresql12-12.6-8.16.1 as a component of Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure postgresql12-contrib-12.6-8.16.1 as a component of Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure postgresql12-server-12.6-8.16.1 as a component of Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure postgresql12-12.6-8.16.1 as a component of Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM postgresql12-contrib-12.6-8.16.1 as a component of Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM postgresql12-server-12.6-8.16.1 as a component of Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM postgresql12-12.6-8.16.1 as a component of Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE postgresql12-contrib-12.6-8.16.1 as a component of Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE postgresql12-server-12.6-8.16.1 as a component of Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE postgresql12-12.6-8.16.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 postgresql12-contrib-12.6-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 postgresql12-devel-12.6-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 postgresql12-docs-12.6-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 postgresql12-plperl-12.6-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 postgresql12-plpython-12.6-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 postgresql12-pltcl-12.6-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 postgresql12-server-12.6-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 postgresql12-server-devel-12.6-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read. CVE-2021-3393 Container suse/postgres:12:postgresql12-12.6-8.16.1 Container suse/postgres:12:postgresql12-server-12.6-8.16.1 Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure:postgresql12-12.6-8.16.1 Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure:postgresql12-contrib-12.6-8.16.1 Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure:postgresql12-server-12.6-8.16.1 Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM:postgresql12-12.6-8.16.1 Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM:postgresql12-contrib-12.6-8.16.1 Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM:postgresql12-server-12.6-8.16.1 Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE:postgresql12-12.6-8.16.1 Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE:postgresql12-contrib-12.6-8.16.1 Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE:postgresql12-server-12.6-8.16.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:postgresql12-12.6-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP2:postgresql12-contrib-12.6-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP2:postgresql12-devel-12.6-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP2:postgresql12-docs-12.6-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP2:postgresql12-plperl-12.6-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP2:postgresql12-plpython-12.6-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP2:postgresql12-pltcl-12.6-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP2:postgresql12-server-12.6-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP2:postgresql12-server-devel-12.6-8.16.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210544-1/ https://www.suse.com/security/cve/CVE-2021-3393.html CVE-2021-3393 https://bugzilla.suse.com/1182040 SUSE Bug 1182040