SUSE update for postgresql13



Published: 2021-09-29
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-3677
CWE-ID CWE-401
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		SUSE Linux Enterprise Module for Packagehub Subpackages
Operating systems & Components / Operating system package or component

libpq5-32bit-debuginfo
Operating systems & Components / Operating system package or component

libpq5-32bit
Operating systems & Components / Operating system package or component

postgresql13
Operating systems & Components / Operating system package or component

libpq5-debuginfo
Operating systems & Components / Operating system package or component

libpq5
Operating systems & Components / Operating system package or component

postgresql13-test
Operating systems & Components / Operating system package or component

postgresql13-docs
Operating systems & Components / Operating system package or component

postgresql13-server-devel-debuginfo
Operating systems & Components / Operating system package or component

postgresql13-server-devel
Operating systems & Components / Operating system package or component

postgresql13-server-debuginfo
Operating systems & Components / Operating system package or component

postgresql13-server
Operating systems & Components / Operating system package or component

postgresql13-pltcl-debuginfo
Operating systems & Components / Operating system package or component

postgresql13-pltcl
Operating systems & Components / Operating system package or component

postgresql13-plpython-debuginfo
Operating systems & Components / Operating system package or component

postgresql13-plpython
Operating systems & Components / Operating system package or component

postgresql13-plperl-debuginfo
Operating systems & Components / Operating system package or component

postgresql13-plperl
Operating systems & Components / Operating system package or component

postgresql13-devel-debuginfo
Operating systems & Components / Operating system package or component

postgresql13-devel
Operating systems & Components / Operating system package or component

postgresql13-debugsource
Operating systems & Components / Operating system package or component

postgresql13-debuginfo
Operating systems & Components / Operating system package or component

postgresql13-contrib-debuginfo
Operating systems & Components / Operating system package or component

postgresql13-contrib
Operating systems & Components / Operating system package or component

libecpg6-debuginfo
Operating systems & Components / Operating system package or component

libecpg6
Operating systems & Components / Operating system package or component

SUSE Linux Enterprise Module for Server Applications
Operating systems & Components / Operating system

SUSE Linux Enterprise Module for Basesystem
Operating systems & Components / Operating system

Vendor SUSE

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Memory leak

EUVDB-ID: #VU59043

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3677

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote user to perform DoS attack or gain access to sensitive information.

The vulnerability exists due memory leak during parallel sort operations. A remote user can force the application to leak memory and perform denial of service attack or read arbitrary memory parts on the system.

Mitigation

Update the affected package postgresql13 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Packagehub Subpackages: 15-SP2 - 15-SP3

SUSE Linux Enterprise Module for Server Applications: 15-SP2 - 15-SP3

SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3

libpq5-32bit-debuginfo: before 13.4-5.16.2

libpq5-32bit: before 13.4-5.16.2

postgresql13: before 13.4-5.16.2

libpq5-debuginfo: before 13.4-5.16.2

libpq5: before 13.4-5.16.2

postgresql13-test: before 13.4-5.16.2

postgresql13-docs: before 13.4-5.16.2

postgresql13-server-devel-debuginfo: before 13.4-5.16.2

postgresql13-server-devel: before 13.4-5.16.2

postgresql13-server-debuginfo: before 13.4-5.16.2

postgresql13-server: before 13.4-5.16.2

postgresql13-pltcl-debuginfo: before 13.4-5.16.2

postgresql13-pltcl: before 13.4-5.16.2

postgresql13-plpython-debuginfo: before 13.4-5.16.2

postgresql13-plpython: before 13.4-5.16.2

postgresql13-plperl-debuginfo: before 13.4-5.16.2

postgresql13-plperl: before 13.4-5.16.2

postgresql13-devel-debuginfo: before 13.4-5.16.2

postgresql13-devel: before 13.4-5.16.2

postgresql13-debugsource: before 13.4-5.16.2

postgresql13-debuginfo: before 13.4-5.16.2

postgresql13-contrib-debuginfo: before 13.4-5.16.2

postgresql13-contrib: before 13.4-5.16.2

libecpg6-debuginfo: before 13.4-5.16.2

libecpg6: before 13.4-5.16.2

CPE2.3 External links

http://www.suse.com/support/update/announcement/2021/suse-su-20213255-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###