5 matches found
SUSE-SU-2022:1894-1 Security update for postgresql12
This update for postgresql12 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes bsc1199475...
PostgreSQL Server -- execute arbitrary SQL code as DBA user
The PostgreSQL project reports: Confine additional operations within "security restricted operation" sandboxes. Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW, and pg_amcheck activated the "security restricted operation" protection mechanism too late, or even not at all in...
postgresql: Multiple features escape "security restricted operation" sandbox
A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
Vulnerability in core server (CVE-2020-25695)
Multiple features escape "security restricted operation" sandbox. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. While promptly updating PostgreSQL is the best remediation for most users, a...
PostgreSQL Database SET ROLE Security Bypass (CVE-2014-0060)
A policy bypass vulnerability has been found in PostgreSQL database server. The vulnerability is due to a design weakness when granting a role without ADMIN OPTION. A remote attacker can exploit the vulnerability to cause a policy bypass allowing execution of a security-restricted operation or a...