Security update for postgresql14 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:3269-1 Final 1 1 2022-09-14T04:25:58Z current 2022-09-14T04:25:58Z 2022-09-14T04:25:58Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for postgresql14 This update for postgresql14 fixes the following issues: - Upgrade to version 14.5: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). - Upgrade to version 14.4 (bsc#1200437) - Release notes: https://www.postgresql.org/docs/release/14.4/ - Release announcement: https://www.postgresql.org/about/news/p-2470/ - Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437) - Pin to llvm13 until the next patchlevel update (bsc#1198166) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-3269,SUSE-OpenStack-Cloud-9-2022-3269,SUSE-OpenStack-Cloud-Crowbar-9-2022-3269,SUSE-SLE-SAP-12-SP4-2022-3269,SUSE-SLE-SDK-12-SP5-2022-3269,SUSE-SLE-SERVER-12-SP2-BCL-2022-3269,SUSE-SLE-SERVER-12-SP3-BCL-2022-3269,SUSE-SLE-SERVER-12-SP4-LTSS-2022-3269,SUSE-SLE-SERVER-12-SP5-2022-3269 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20223269-1/ Link for SUSE-SU-2022:3269-1 https://lists.suse.com/pipermail/sle-security-updates/2022-September/012228.html E-Mail link for SUSE-SU-2022:3269-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1198166 SUSE Bug 1198166 https://bugzilla.suse.com/1200437 SUSE Bug 1200437 https://bugzilla.suse.com/1202368 SUSE Bug 1202368 https://www.suse.com/security/cve/CVE-2022-2625/ SUSE CVE CVE-2022-2625 page SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 libecpg6-14.5-3.14.9 libecpg6-32bit-14.5-3.14.9 libecpg6-64bit-14.5-3.14.9 libpq5-14.5-3.14.9 libpq5-32bit-14.5-3.14.9 libpq5-64bit-14.5-3.14.9 postgresql14-14.5-3.14.9 postgresql14-contrib-14.5-3.14.9 postgresql14-devel-14.5-3.14.9 postgresql14-devel-mini-14.5-3.14.7 postgresql14-docs-14.5-3.14.9 postgresql14-llvmjit-devel-14.5-3.14.9 postgresql14-plperl-14.5-3.14.9 postgresql14-plpython-14.5-3.14.9 postgresql14-pltcl-14.5-3.14.9 postgresql14-server-14.5-3.14.9 postgresql14-server-devel-14.5-3.14.9 postgresql14-test-14.5-3.14.9 libecpg6-14.5-3.14.9 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libpq5-14.5-3.14.9 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libpq5-32bit-14.5-3.14.9 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libecpg6-14.5-3.14.9 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libpq5-14.5-3.14.9 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libpq5-32bit-14.5-3.14.9 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libecpg6-14.5-3.14.9 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libpq5-14.5-3.14.9 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libpq5-32bit-14.5-3.14.9 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libecpg6-14.5-3.14.9 as a component of SUSE Linux Enterprise Server 12 SP5 libpq5-14.5-3.14.9 as a component of SUSE Linux Enterprise Server 12 SP5 libpq5-32bit-14.5-3.14.9 as a component of SUSE Linux Enterprise Server 12 SP5 postgresql14-14.5-3.14.9 as a component of SUSE Linux Enterprise Server 12 SP5 postgresql14-contrib-14.5-3.14.9 as a component of SUSE Linux Enterprise Server 12 SP5 postgresql14-docs-14.5-3.14.9 as a component of SUSE Linux Enterprise Server 12 SP5 postgresql14-plperl-14.5-3.14.9 as a component of SUSE Linux Enterprise Server 12 SP5 postgresql14-plpython-14.5-3.14.9 as a component of SUSE Linux Enterprise Server 12 SP5 postgresql14-pltcl-14.5-3.14.9 as a component of SUSE Linux Enterprise Server 12 SP5 postgresql14-server-14.5-3.14.9 as a component of SUSE Linux Enterprise Server 12 SP5 libecpg6-14.5-3.14.9 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libpq5-14.5-3.14.9 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libpq5-32bit-14.5-3.14.9 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libecpg6-14.5-3.14.9 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libpq5-14.5-3.14.9 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libpq5-32bit-14.5-3.14.9 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 postgresql14-14.5-3.14.9 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 postgresql14-contrib-14.5-3.14.9 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 postgresql14-docs-14.5-3.14.9 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 postgresql14-plperl-14.5-3.14.9 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 postgresql14-plpython-14.5-3.14.9 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 postgresql14-pltcl-14.5-3.14.9 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 postgresql14-server-14.5-3.14.9 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 postgresql14-devel-14.5-3.14.9 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 postgresql14-server-devel-14.5-3.14.9 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libecpg6-14.5-3.14.9 as a component of SUSE OpenStack Cloud 9 libpq5-14.5-3.14.9 as a component of SUSE OpenStack Cloud 9 libpq5-32bit-14.5-3.14.9 as a component of SUSE OpenStack Cloud 9 libecpg6-14.5-3.14.9 as a component of SUSE OpenStack Cloud Crowbar 9 libpq5-14.5-3.14.9 as a component of SUSE OpenStack Cloud Crowbar 9 libpq5-32bit-14.5-3.14.9 as a component of SUSE OpenStack Cloud Crowbar 9 A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser. CVE-2022-2625 SUSE Linux Enterprise Server 12 SP2-BCL:libecpg6-14.5-3.14.9 SUSE Linux Enterprise Server 12 SP2-BCL:libpq5-14.5-3.14.9 SUSE Linux Enterprise Server 12 SP2-BCL:libpq5-32bit-14.5-3.14.9 SUSE Linux Enterprise Server 12 SP3-BCL:libecpg6-14.5-3.14.9 SUSE Linux Enterprise Server 12 SP3-BCL:libpq5-14.5-3.14.9 SUSE Linux Enterprise Server 12 SP3-BCL:libpq5-32bit-14.5-3.14.9 SUSE Linux Enterprise Server 12 SP4-LTSS:libecpg6-14.5-3.14.9 SUSE Linux Enterprise Server 12 SP4-LTSS:libpq5-14.5-3.14.9 SUSE Linux Enterprise Server 12 SP4-LTSS:libpq5-32bit-14.5-3.14.9 SUSE Linux Enterprise Server 12 SP5:libecpg6-14.5-3.14.9 SUSE Linux Enterprise Server 12 SP5:libpq5-14.5-3.14.9 SUSE Linux Enterprise Server 12 SP5:libpq5-32bit-14.5-3.14.9 SUSE Linux Enterprise Server 12 SP5:postgresql14-14.5-3.14.9 SUSE Linux Enterprise Server 12 SP5:postgresql14-contrib-14.5-3.14.9 SUSE Linux Enterprise Server 12 SP5:postgresql14-docs-14.5-3.14.9 SUSE Linux Enterprise Server 12 SP5:postgresql14-plperl-14.5-3.14.9 SUSE Linux Enterprise Server 12 SP5:postgresql14-plpython-14.5-3.14.9 SUSE Linux Enterprise Server 12 SP5:postgresql14-pltcl-14.5-3.14.9 SUSE Linux Enterprise Server 12 SP5:postgresql14-server-14.5-3.14.9 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libecpg6-14.5-3.14.9 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libpq5-14.5-3.14.9 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libpq5-32bit-14.5-3.14.9 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libecpg6-14.5-3.14.9 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpq5-14.5-3.14.9 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpq5-32bit-14.5-3.14.9 SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql14-14.5-3.14.9 SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql14-contrib-14.5-3.14.9 SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql14-docs-14.5-3.14.9 SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql14-plperl-14.5-3.14.9 SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql14-plpython-14.5-3.14.9 SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql14-pltcl-14.5-3.14.9 SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql14-server-14.5-3.14.9 SUSE Linux Enterprise Software Development Kit 12 SP5:postgresql14-devel-14.5-3.14.9 SUSE Linux Enterprise Software Development Kit 12 SP5:postgresql14-server-devel-14.5-3.14.9 SUSE OpenStack Cloud 9:libecpg6-14.5-3.14.9 SUSE OpenStack Cloud 9:libpq5-14.5-3.14.9 SUSE OpenStack Cloud 9:libpq5-32bit-14.5-3.14.9 SUSE OpenStack Cloud Crowbar 9:libecpg6-14.5-3.14.9 SUSE OpenStack Cloud Crowbar 9:libpq5-14.5-3.14.9 SUSE OpenStack Cloud Crowbar 9:libpq5-32bit-14.5-3.14.9 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223269-1/ https://www.suse.com/security/cve/CVE-2022-2625.html CVE-2022-2625 https://bugzilla.suse.com/1202368 SUSE Bug 1202368