Security update for postgresql15 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:0393-1 Final 1 1 2023-02-13T09:09:48Z current 2023-02-13T09:09:48Z 2023-02-13T09:09:48Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for postgresql15 This update for postgresql15 fixes the following issues: Update to 15.2: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-393,SUSE-OpenStack-Cloud-9-2023-393,SUSE-OpenStack-Cloud-Crowbar-9-2023-393,SUSE-SLE-SAP-12-SP4-2023-393,SUSE-SLE-SDK-12-SP5-2023-393,SUSE-SLE-SERVER-12-SP2-BCL-2023-393,SUSE-SLE-SERVER-12-SP4-LTSS-2023-393,SUSE-SLE-SERVER-12-SP5-2023-393 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20230393-1/ Link for SUSE-SU-2023:0393-1 https://lists.suse.com/pipermail/sle-security-updates/2023-February/013746.html E-Mail link for SUSE-SU-2023:0393-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1208102 SUSE Bug 1208102 https://www.suse.com/security/cve/CVE-2022-41862/ SUSE CVE CVE-2022-41862 page SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 libecpg6-15.2-3.6.1 libecpg6-32bit-15.2-3.6.1 libecpg6-64bit-15.2-3.6.1 libpq5-15.2-3.6.1 libpq5-32bit-15.2-3.6.1 libpq5-64bit-15.2-3.6.1 postgresql15-15.2-3.6.1 postgresql15-contrib-15.2-3.6.1 postgresql15-devel-15.2-3.6.1 postgresql15-devel-mini-15.2-3.6.1 postgresql15-docs-15.2-3.6.1 postgresql15-llvmjit-devel-15.2-3.6.1 postgresql15-plperl-15.2-3.6.1 postgresql15-plpython-15.2-3.6.1 postgresql15-pltcl-15.2-3.6.1 postgresql15-server-15.2-3.6.1 postgresql15-server-devel-15.2-3.6.1 postgresql15-test-15.2-3.6.1 libecpg6-15.2-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libpq5-15.2-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libpq5-32bit-15.2-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libecpg6-15.2-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libpq5-15.2-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libpq5-32bit-15.2-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libecpg6-15.2-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 libecpg6-32bit-15.2-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 libpq5-15.2-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 libpq5-32bit-15.2-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 postgresql15-15.2-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 postgresql15-contrib-15.2-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 postgresql15-docs-15.2-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 postgresql15-plperl-15.2-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 postgresql15-plpython-15.2-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 postgresql15-pltcl-15.2-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 postgresql15-server-15.2-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 libecpg6-15.2-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libpq5-15.2-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libpq5-32bit-15.2-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libecpg6-15.2-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libecpg6-32bit-15.2-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libpq5-15.2-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libpq5-32bit-15.2-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 postgresql15-15.2-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 postgresql15-contrib-15.2-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 postgresql15-docs-15.2-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 postgresql15-plperl-15.2-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 postgresql15-plpython-15.2-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 postgresql15-pltcl-15.2-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 postgresql15-server-15.2-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 postgresql15-devel-15.2-3.6.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 postgresql15-server-devel-15.2-3.6.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libecpg6-15.2-3.6.1 as a component of SUSE OpenStack Cloud 9 libpq5-15.2-3.6.1 as a component of SUSE OpenStack Cloud 9 libpq5-32bit-15.2-3.6.1 as a component of SUSE OpenStack Cloud 9 libecpg6-15.2-3.6.1 as a component of SUSE OpenStack Cloud Crowbar 9 libpq5-15.2-3.6.1 as a component of SUSE OpenStack Cloud Crowbar 9 libpq5-32bit-15.2-3.6.1 as a component of SUSE OpenStack Cloud Crowbar 9 In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. CVE-2022-41862 SUSE Linux Enterprise Server 12 SP2-BCL:libecpg6-15.2-3.6.1 SUSE Linux Enterprise Server 12 SP2-BCL:libpq5-15.2-3.6.1 SUSE Linux Enterprise Server 12 SP2-BCL:libpq5-32bit-15.2-3.6.1 SUSE Linux Enterprise Server 12 SP4-LTSS:libecpg6-15.2-3.6.1 SUSE Linux Enterprise Server 12 SP4-LTSS:libpq5-15.2-3.6.1 SUSE Linux Enterprise Server 12 SP4-LTSS:libpq5-32bit-15.2-3.6.1 SUSE Linux Enterprise Server 12 SP5:libecpg6-15.2-3.6.1 SUSE Linux Enterprise Server 12 SP5:libecpg6-32bit-15.2-3.6.1 SUSE Linux Enterprise Server 12 SP5:libpq5-15.2-3.6.1 SUSE Linux Enterprise Server 12 SP5:libpq5-32bit-15.2-3.6.1 SUSE Linux Enterprise Server 12 SP5:postgresql15-15.2-3.6.1 SUSE Linux Enterprise Server 12 SP5:postgresql15-contrib-15.2-3.6.1 SUSE Linux Enterprise Server 12 SP5:postgresql15-docs-15.2-3.6.1 SUSE Linux Enterprise Server 12 SP5:postgresql15-plperl-15.2-3.6.1 SUSE Linux Enterprise Server 12 SP5:postgresql15-plpython-15.2-3.6.1 SUSE Linux Enterprise Server 12 SP5:postgresql15-pltcl-15.2-3.6.1 SUSE Linux Enterprise Server 12 SP5:postgresql15-server-15.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libecpg6-15.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libpq5-15.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libpq5-32bit-15.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libecpg6-15.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libecpg6-32bit-15.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpq5-15.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpq5-32bit-15.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql15-15.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql15-contrib-15.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql15-docs-15.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql15-plperl-15.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql15-plpython-15.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql15-pltcl-15.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql15-server-15.2-3.6.1 SUSE Linux Enterprise Software Development Kit 12 SP5:postgresql15-devel-15.2-3.6.1 SUSE Linux Enterprise Software Development Kit 12 SP5:postgresql15-server-devel-15.2-3.6.1 SUSE OpenStack Cloud 9:libecpg6-15.2-3.6.1 SUSE OpenStack Cloud 9:libpq5-15.2-3.6.1 SUSE OpenStack Cloud 9:libpq5-32bit-15.2-3.6.1 SUSE OpenStack Cloud Crowbar 9:libecpg6-15.2-3.6.1 SUSE OpenStack Cloud Crowbar 9:libpq5-15.2-3.6.1 SUSE OpenStack Cloud Crowbar 9:libpq5-32bit-15.2-3.6.1 important 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20230393-1/ https://www.suse.com/security/cve/CVE-2022-41862.html CVE-2022-41862 https://bugzilla.suse.com/1208102 SUSE Bug 1208102