SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3348

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3348

Security update for postgresql15

Type: security

Severity: moderate

Issued: 2023-08-17

Description:

This update for postgresql15 fixes the following issues:

- Update to 14.9
- CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059)

References

CVE: CVE-2023-39417
Bugzilla: 1214059 VUL-0: EMBARGOED: CVE-2023-39417: postgresql12,postgresql13,postgresql14,postgresql15: Disallow substituting a schema or owner name into an extension script if the name contains a quote, backslash, or dollar sign

Packages

postgresql14-14.9-150200.5.29.1