SUSE update for postgresql12



Published: 2021-09-29
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-3677
CWE-ID CWE-401
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		SUSE Linux Enterprise Module for Legacy Software
Operating systems & Components / Operating system

SUSE Linux Enterprise Module for Server Applications
Operating systems & Components / Operating system

SUSE Linux Enterprise Module for Basesystem
Operating systems & Components / Operating system

postgresql12
Operating systems & Components / Operating system package or component

postgresql12-docs
Operating systems & Components / Operating system package or component

postgresql12-server-devel-debuginfo
Operating systems & Components / Operating system package or component

postgresql12-server-devel
Operating systems & Components / Operating system package or component

postgresql12-server-debuginfo
Operating systems & Components / Operating system package or component

postgresql12-server
Operating systems & Components / Operating system package or component

postgresql12-pltcl-debuginfo
Operating systems & Components / Operating system package or component

postgresql12-pltcl
Operating systems & Components / Operating system package or component

postgresql12-plpython-debuginfo
Operating systems & Components / Operating system package or component

postgresql12-plpython
Operating systems & Components / Operating system package or component

postgresql12-plperl-debuginfo
Operating systems & Components / Operating system package or component

postgresql12-plperl
Operating systems & Components / Operating system package or component

postgresql12-devel-debuginfo
Operating systems & Components / Operating system package or component

postgresql12-devel
Operating systems & Components / Operating system package or component

postgresql12-debugsource
Operating systems & Components / Operating system package or component

postgresql12-debuginfo
Operating systems & Components / Operating system package or component

postgresql12-contrib-debuginfo
Operating systems & Components / Operating system package or component

postgresql12-contrib
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Memory leak

EUVDB-ID: #VU59043

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3677

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote user to perform DoS attack or gain access to sensitive information.

The vulnerability exists due memory leak during parallel sort operations. A remote user can force the application to leak memory and perform denial of service attack or read arbitrary memory parts on the system.

Mitigation

Update the affected package postgresql12 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Legacy Software: 15-SP3

SUSE Linux Enterprise Module for Server Applications: 15-SP2

SUSE Linux Enterprise Module for Basesystem: 15-SP2

postgresql12: before 12.8-8.23.2

postgresql12-docs: before 12.8-8.23.2

postgresql12-server-devel-debuginfo: before 12.8-8.23.2

postgresql12-server-devel: before 12.8-8.23.2

postgresql12-server-debuginfo: before 12.8-8.23.2

postgresql12-server: before 12.8-8.23.2

postgresql12-pltcl-debuginfo: before 12.8-8.23.2

postgresql12-pltcl: before 12.8-8.23.2

postgresql12-plpython-debuginfo: before 12.8-8.23.2

postgresql12-plpython: before 12.8-8.23.2

postgresql12-plperl-debuginfo: before 12.8-8.23.2

postgresql12-plperl: before 12.8-8.23.2

postgresql12-devel-debuginfo: before 12.8-8.23.2

postgresql12-devel: before 12.8-8.23.2

postgresql12-debugsource: before 12.8-8.23.2

postgresql12-debuginfo: before 12.8-8.23.2

postgresql12-contrib-debuginfo: before 12.8-8.23.2

postgresql12-contrib: before 12.8-8.23.2

CPE2.3 External links

http://www.suse.com/support/update/announcement/2021/suse-su-20213256-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###