SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-4176

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-4176

Security update for postgresql14

Type: security

Severity: important

Issued: 2024-12-04

Description:

This update for postgresql14 fixes the following issues:

- CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323).
- CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325).
- CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326).
- CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327).

References

CVE: CVE-2024-10979
CVE: CVE-2024-10978
CVE: CVE-2024-10977
CVE: CVE-2024-10976
Bugzilla: 1233327 VUL-0: CVE-2024-10979: postgresql: Prevent trusted PL/Perl code from changing environment variables
Bugzilla: 1233326 VUL-0: CVE-2024-10978: postgresql: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE
Bugzilla: 1233325 VUL-0: CVE-2024-10977: postgresql: Make libpq discard error messages received during SSL or GSS protocol negotiation
Bugzilla: 1233323 VUL-0: CVE-2024-10976: postgresql: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference

Packages

postgresql14-14.15-150200.5.50.1