Vulnerability Scan Report for registry.suse.com/suse/postgres:14-24.27
PostgreSQL 15 container based on the SLE Base Container Image.
registry.suse.com/suse/postgres:14-24.27
Last scanned on: February 14, 2025 14:01
PostgreSQL 15 container based on the SLE Base Container Image.
Last scanned on: February 14, 2025 14:01
| Package Name | Severity | Status | Description | Reference links | |
|---|---|---|---|---|---|
| postgresql14 | HIGH | fixed |
Security update for postgresql16 Vulnerability ID: SUSE-SU-2024:3169-1 Installed Version: 14.10-150200.5.36.1 Fixed Version: 14.13-150200.5.47.1 This update for postgresql16 fixes the following issues: - Upgrade to 14.13 (bsc#1229013) - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013) |
||
| postgresql14 | HIGH | fixed |
Security update for postgresql14 Vulnerability ID: SUSE-SU-2024:4176-1 Installed Version: 14.10-150200.5.36.1 Fixed Version: 14.15-150200.5.50.1 This update for postgresql14 fixes the following issues: - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). - CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325). - CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326). - CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327). |
||
| postgresql14-server | HIGH | fixed |
Security update for postgresql14 Vulnerability ID: SUSE-SU-2024:0552-1 Installed Version: 14.10-150200.5.36.1 Fixed Version: 14.11-150200.5.39.1 This update for postgresql14 fixes the following issues: Upgrade to 14.11: - CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY (bsc#1219679). |
||
| postgresql14-server | HIGH | fixed |
Security update for postgresql16 Vulnerability ID: SUSE-SU-2024:3169-1 Installed Version: 14.10-150200.5.36.1 Fixed Version: 14.13-150200.5.47.1 This update for postgresql16 fixes the following issues: - Upgrade to 14.13 (bsc#1229013) - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013) |
||
| postgresql14-server | HIGH | fixed |
Security update for postgresql14 Vulnerability ID: SUSE-SU-2024:4176-1 Installed Version: 14.10-150200.5.36.1 Fixed Version: 14.15-150200.5.50.1 This update for postgresql14 fixes the following issues: - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). - CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325). - CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326). - CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327). |
||