CVSS3: 7.3 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS2: 4.6 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P

An update that solves two vulnerabilities and has two fixes is now available.

Description:
This update for postgresql, postgresql96, postgresql10, postgresql12 fixes
the following issues:

Postgresql12 was updated to 12.3 (bsc#1171924).
* Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema.

Also changed in the postgresql wrapper package:
* Bump version to 12.0.1, so that the binary packages also have a cut-point to conflict with.
* Conflict with versions of the binary packages prior to the May 2020 update, because we changed the package layout at that point and need a clean cutover.
* Bump package version to 12, but leave default at 10 for SLE-15 and SLE-15-SP1.

postgresql11 was updated to 11.9:

postgresql11 was updated to 11.8 (bsc#1171924).

postgresql10 was updated to 10.13 (bsc#1171924).
* Unify the spec file to work across all current PostgreSQL versions to simplify future maintenance.
* Move from the “libs” build flavour to a “mini” package that will only be used inside the build service and not get shipped, to avoid confusion with the debuginfo packages (bsc#1148643).

postgresql96 was updated to 9.6.19:
* CVE-2020-14350, boo#1175194: Make contrib modules' installation scripts more secure.
* https://www.postgresql.org/docs/9.6/release-9-6-19.html
* Pack the /usr/lib/postgresql symlink only into the main package.
* Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema.
* Update to 9.6.18 (boo#1171924).
* https://www.postgresql.org/about/news/2038/
* https://www.postgresql.org/docs/9.6/release-9-6-18.html
* Unify the spec file to work across all current PostgreSQL versions to simplify future maintenance.
* Move from the “libs” build flavour to a “mini” package that will only be used inside the build service and not get shipped, to avoid confusion with the debuginfo packages (boo#1148643).

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-1228=1

OS | Version | Architecture | Package group | Filename suffix |
---|---|---|---|---|
openSUSE Leap | 15.2 | i586 | openSUSE Leap 15.2 (i586 x86_64) | .i586.rpm |
openSUSE Leap | 15.2 | x86_64 | openSUSE Leap 15.2 (i586 x86_64) | .x86_64.rpm |
openSUSE Leap | 15.2 | noarch | openSUSE Leap 15.2 (noarch) | .noarch.rpm |
openSUSE Leap | 15.2 | x86_64 | openSUSE Leap 15.2 (x86_64) | .x86_64.rpm |
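
One way to check a host against the versions this update ships (12.3, 11.9, 10.13, 9.6.19), as an added example that is not part of the advisory. The function names and the sample package list are constructed, and treating the advisory's "updated to" versions as minimums is an assumption.

```shell
#!/bin/sh
# Added example, not from the advisory. Version floors are the
# "updated to" versions named in the advisory text (assumed minimums).

# fixed_version NAME: print the version this update ships for NAME's series.
fixed_version() {
    case "$1" in
        postgresql12*) echo 12.3 ;;
        postgresql11*) echo 11.9 ;;
        postgresql10*) echo 10.13 ;;
        postgresql96*) echo 9.6.19 ;;
        *) return 1 ;;   # wrapper or other package: no floor listed here
    esac
}

# version_ge A B: succeed when A >= B, using GNU sort -V ordering
# (so 10.9 < 10.13, which a plain string compare gets wrong).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_pkg NAME VERSION: returns 0 = at or above floor, 1 = outdated, 2 = skipped.
check_pkg() {
    floor=$(fixed_version "$1") || { echo "SKIP $1 $2"; return 2; }
    if version_ge "$2" "$floor"; then
        echo "OK $1 $2 (>= $floor)"
    else
        echo "OUTDATED $1 $2 (< $floor)"
        return 1
    fi
}

# audit: read "name version" lines on stdin; return 1 if any is outdated.
audit() {
    rc=0
    while read -r name ver; do
        check_pkg "$name" "$ver" || [ $? -eq 2 ] || rc=1
    done
    return $rc
}

# Constructed sample input; on a real host feed audit with:
#   rpm -qa --qf '%{NAME} %{VERSION}\n' 'postgresql*' | audit
SAMPLE='postgresql12-server 12.2
postgresql10 10.13
postgresql96-contrib 9.6.17
postgresql 12.0.1'
printf '%s\n' "$SAMPLE" | audit || echo "at least one package is below this update"
```
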