Security update for postgresql96 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:3477-1 Final 1 1 2020-11-24T10:08:58Z current 2020-11-24T10:08:58Z 2020-11-24T10:08:58Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for postgresql96 This update for postgresql96 fixes the following issues: Upgrade to version 9.6.20: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/9.6/release-9-6-20.html Changes from 9.6.19: * CVE-2020-14350, bsc#1175194: Make contrib modules installation The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2020-3477,SUSE-2020-3477,SUSE-OpenStack-Cloud-7-2020-3477,SUSE-OpenStack-Cloud-8-2020-3477,SUSE-OpenStack-Cloud-Crowbar-8-2020-3477,SUSE-SLE-SAP-12-SP2-2020-3477,SUSE-SLE-SAP-12-SP3-2020-3477,SUSE-SLE-SERVER-12-SP2-2020-3477,SUSE-SLE-SERVER-12-SP2-BCL-2020-3477,SUSE-SLE-SERVER-12-SP3-2020-3477,SUSE-SLE-SERVER-12-SP3-BCL-2020-3477,SUSE-Storage-5-2020-3477 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20203477-1/ Link for SUSE-SU-2020:3477-1 https://lists.suse.com/pipermail/sle-security-updates/2020-November/007833.html E-Mail link for SUSE-SU-2020:3477-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1175194 SUSE Bug 1175194 https://bugzilla.suse.com/1178666 SUSE Bug 1178666 https://bugzilla.suse.com/1178667 SUSE Bug 1178667 https://bugzilla.suse.com/1178668 SUSE Bug 1178668 https://www.suse.com/security/cve/CVE-2020-14350/ SUSE CVE CVE-2020-14350 page https://www.suse.com/security/cve/CVE-2020-25694/ SUSE CVE CVE-2020-25694 page https://www.suse.com/security/cve/CVE-2020-25695/ SUSE CVE CVE-2020-25695 page https://www.suse.com/security/cve/CVE-2020-25696/ SUSE CVE CVE-2020-25696 page HPE Helion OpenStack 8 SUSE Enterprise Storage 5 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 postgresql96-9.6.20-6.8.1 postgresql96-contrib-9.6.20-6.8.1 postgresql96-docs-9.6.20-6.8.1 postgresql96-plperl-9.6.20-6.8.1 postgresql96-plpython-9.6.20-6.8.1 postgresql96-pltcl-9.6.20-6.8.1 postgresql96-server-9.6.20-6.8.1 postgresql96-devel-9.6.20-6.8.1 postgresql96-test-9.6.20-6.8.1 postgresql96-9.6.20-6.8.1 as a component of HPE Helion OpenStack 8 postgresql96-contrib-9.6.20-6.8.1 as a component of HPE Helion OpenStack 8 postgresql96-docs-9.6.20-6.8.1 as a component of HPE Helion OpenStack 8 postgresql96-plperl-9.6.20-6.8.1 as a component of HPE Helion OpenStack 8 postgresql96-plpython-9.6.20-6.8.1 as a component of HPE Helion OpenStack 8 postgresql96-pltcl-9.6.20-6.8.1 as a component of HPE Helion OpenStack 8 postgresql96-server-9.6.20-6.8.1 as a component of HPE Helion OpenStack 8 postgresql96-9.6.20-6.8.1 as a component of SUSE Enterprise Storage 5 postgresql96-contrib-9.6.20-6.8.1 as a component of SUSE Enterprise Storage 5 postgresql96-docs-9.6.20-6.8.1 as a component of SUSE Enterprise Storage 5 postgresql96-plperl-9.6.20-6.8.1 as a component of SUSE Enterprise Storage 5 postgresql96-plpython-9.6.20-6.8.1 as a component of SUSE Enterprise Storage 5 postgresql96-pltcl-9.6.20-6.8.1 as a component of SUSE Enterprise Storage 5 postgresql96-server-9.6.20-6.8.1 as a component of SUSE Enterprise Storage 5 postgresql96-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL postgresql96-contrib-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL postgresql96-docs-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL postgresql96-plperl-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL postgresql96-plpython-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL postgresql96-pltcl-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL postgresql96-server-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL postgresql96-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS postgresql96-contrib-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS postgresql96-docs-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS postgresql96-plperl-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS postgresql96-plpython-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS postgresql96-pltcl-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS postgresql96-server-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS postgresql96-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL postgresql96-contrib-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL postgresql96-docs-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL postgresql96-plperl-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL postgresql96-plpython-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL postgresql96-pltcl-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL postgresql96-server-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL postgresql96-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS postgresql96-contrib-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS postgresql96-docs-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS postgresql96-plperl-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS postgresql96-plpython-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS postgresql96-pltcl-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS postgresql96-server-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS postgresql96-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 postgresql96-contrib-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 postgresql96-docs-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 postgresql96-plperl-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 postgresql96-plpython-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 postgresql96-pltcl-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 postgresql96-server-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 postgresql96-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 postgresql96-contrib-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 postgresql96-docs-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 postgresql96-plperl-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 postgresql96-plpython-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 postgresql96-pltcl-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 postgresql96-server-9.6.20-6.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 postgresql96-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud 7 postgresql96-contrib-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud 7 postgresql96-docs-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud 7 postgresql96-plperl-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud 7 postgresql96-plpython-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud 7 postgresql96-pltcl-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud 7 postgresql96-server-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud 7 postgresql96-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud 8 postgresql96-contrib-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud 8 postgresql96-docs-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud 8 postgresql96-plperl-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud 8 postgresql96-plpython-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud 8 postgresql96-pltcl-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud 8 postgresql96-server-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud 8 postgresql96-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud Crowbar 8 postgresql96-contrib-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud Crowbar 8 postgresql96-docs-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud Crowbar 8 postgresql96-plperl-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud Crowbar 8 postgresql96-plpython-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud Crowbar 8 postgresql96-pltcl-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud Crowbar 8 postgresql96-server-9.6.20-6.8.1 as a component of SUSE OpenStack Cloud Crowbar 8 It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. CVE-2020-14350 HPE Helion OpenStack 8:postgresql96-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-contrib-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-docs-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-plperl-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-plpython-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-pltcl-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-server-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-contrib-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-docs-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-plperl-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-plpython-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-pltcl-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-server-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-contrib-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-docs-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-plperl-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-plpython-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-pltcl-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-server-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-contrib-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-docs-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-plperl-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-plpython-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-pltcl-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-server-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-contrib-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-docs-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-plperl-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-plpython-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-pltcl-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-server-9.6.20-6.8.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203477-1/ https://www.suse.com/security/cve/CVE-2020-14350.html CVE-2020-14350 https://bugzilla.suse.com/1175194 SUSE Bug 1175194 https://bugzilla.suse.com/1176151 SUSE Bug 1176151 https://bugzilla.suse.com/1179115 SUSE Bug 1179115 https://bugzilla.suse.com/1179499 SUSE Bug 1179499 https://bugzilla.suse.com/1179870 SUSE Bug 1179870 A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-25694 HPE Helion OpenStack 8:postgresql96-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-contrib-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-docs-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-plperl-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-plpython-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-pltcl-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-server-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-contrib-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-docs-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-plperl-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-plpython-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-pltcl-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-server-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-contrib-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-docs-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-plperl-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-plpython-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-pltcl-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-server-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-contrib-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-docs-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-plperl-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-plpython-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-pltcl-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-server-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-contrib-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-docs-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-plperl-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-plpython-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-pltcl-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-server-9.6.20-6.8.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203477-1/ https://www.suse.com/security/cve/CVE-2020-25694.html CVE-2020-25694 https://bugzilla.suse.com/1178667 SUSE Bug 1178667 https://bugzilla.suse.com/1179870 SUSE Bug 1179870 A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-25695 HPE Helion OpenStack 8:postgresql96-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-contrib-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-docs-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-plperl-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-plpython-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-pltcl-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-server-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-contrib-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-docs-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-plperl-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-plpython-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-pltcl-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-server-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-contrib-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-docs-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-plperl-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-plpython-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-pltcl-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-server-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-contrib-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-docs-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-plperl-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-plpython-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-pltcl-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-server-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-contrib-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-docs-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-plperl-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-plpython-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-pltcl-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-server-9.6.20-6.8.1 important 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203477-1/ https://www.suse.com/security/cve/CVE-2020-25695.html CVE-2020-25695 https://bugzilla.suse.com/1178666 SUSE Bug 1178666 A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-25696 HPE Helion OpenStack 8:postgresql96-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-contrib-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-docs-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-plperl-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-plpython-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-pltcl-9.6.20-6.8.1 HPE Helion OpenStack 8:postgresql96-server-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-contrib-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-docs-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-plperl-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-plpython-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-pltcl-9.6.20-6.8.1 SUSE Enterprise Storage 5:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-BCL:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-BCL:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql96-server-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-contrib-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-docs-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-plperl-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-plpython-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-pltcl-9.6.20-6.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql96-server-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-contrib-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-docs-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-plperl-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-plpython-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-pltcl-9.6.20-6.8.1 SUSE OpenStack Cloud 7:postgresql96-server-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-contrib-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-docs-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-plperl-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-plpython-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-pltcl-9.6.20-6.8.1 SUSE OpenStack Cloud 8:postgresql96-server-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-contrib-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-docs-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-plperl-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-plpython-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-pltcl-9.6.20-6.8.1 SUSE OpenStack Cloud Crowbar 8:postgresql96-server-9.6.20-6.8.1 important 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203477-1/ https://www.suse.com/security/cve/CVE-2020-25696.html CVE-2020-25696 https://bugzilla.suse.com/1178668 SUSE Bug 1178668 https://bugzilla.suse.com/1179870 SUSE Bug 1179870