Lucene search

openSUSE: Security Advisory for postgresql (SUSE-SU-2023:0103-1)

Security Advisory for postgresql package updat

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 103
OSV	libpgjava - security update	3 Dec 202200:00	–	osv
OSV	CVE-2022-41946	23 Nov 202220:15	–	osv
OSV	RHSA-2023:0759 Red Hat Security Advisory: Red Hat Virtualization security and bug fix update	16 Sep 202410:00	–	osv
OSV	RHSA-2023:1630 Red Hat Security Advisory: Satellite 6.12.3 Async Security Update	16 Sep 202410:00	–	osv
OSV	BIT-postgresql-jdbc-driver-2022-41946	6 Mar 202411:02	–	osv
OSV	RHSA-2023:2378 Red Hat Security Advisory: postgresql-jdbc security update	16 Sep 202410:01	–	osv
OSV	RHSA-2023:2867 Red Hat Security Advisory: postgresql-jdbc security update	16 Sep 202410:01	–	osv
OSV	Moderate: postgresql-jdbc security update	16 May 202300:00	–	osv
OSV	Moderate: postgresql-jdbc security update	9 May 202300:00	–	osv
OSV	CVE-2023-33251	21 May 202321:15	–	osv

Source	Link
	www.0103-1
lists	www.lists.opensuse.org/archives/list/[email protected]/thread/SYGPHYOMZE2VYMPEUXSVSZHF5VSAZAXU

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.833659");
  script_version("2025-02-26T05:38:41+0000");
  script_cve_id("CVE-2022-41946");
  script_tag(name:"cvss_base", value:"4.6");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:S/C:C/I:N/A:N");
  script_tag(name:"last_modification", value:"2025-02-26 05:38:41 +0000 (Wed, 26 Feb 2025)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-11-28 19:43:46 +0000 (Mon, 28 Nov 2022)");
  script_tag(name:"creation_date", value:"2024-03-04 07:35:20 +0000 (Mon, 04 Mar 2024)");
  script_name("openSUSE: Security Advisory for postgresql (SUSE-SU-2023:0103-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/opensuse", "ssh/login/rpms", re:"ssh/login/release=openSUSELeap15\.4");

  script_xref(name:"Advisory-ID", value:"SUSE-SU-2023:0103-1");
  script_xref(name:"URL", value:"https://lists.opensuse.org/archives/list/[email protected]/thread/SYGPHYOMZE2VYMPEUXSVSZHF5VSAZAXU");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'postgresql'
  package(s) announced via the SUSE-SU-2023:0103-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for postgresql-jdbc fixes the following issues:

  - CVE-2022-41946: Fixed a local information disclosure issue due to
       improper handling of temporary files (bsc#1206921).");

  script_tag(name:"affected", value:"'postgresql' package(s) on openSUSE Leap 15.4.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "openSUSELeap15.4") {

  if(!isnull(res = isrpmvuln(pkg:"postgresql-jdbc", rpm:"postgresql-jdbc~42.2.25~150400.3.9.2", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"postgresql-jdbc-javadoc", rpm:"postgresql-jdbc-javadoc~42.2.25~150400.3.9.2", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"postgresql-jdbc", rpm:"postgresql-jdbc~42.2.25~150400.3.9.2", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"postgresql-jdbc-javadoc", rpm:"postgresql-jdbc-javadoc~42.2.25~150400.3.9.2", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

04 Mar 2024 00:00Current

5.8Medium risk

Vulners AI Score5.8

CVSS34.7 - 5.5

EPSS0.00078