Vulnerability Scan Report for registry.suse.com/suse/postgres:14.8-21.20

PostgreSQL 15 container based on the SLE Base Container Image.

registry.suse.com/suse/postgres:14.8-21.20

Last scanned on: June 30, 2025 16:34

Package Name	Severity	Status	Description	Reference links
postgresql14-server	HIGH	fixed	Security update for postgresql16 Vulnerability ID: SUSE-SU-2024:3169-1 Installed Version: 14.8-150200.5.26.1 Fixed Version: 14.13-150200.5.47.1 This update for postgresql16 fixes the following issues: - Upgrade to 14.13 (bsc#1229013) - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)	CVE-2024-7348 SU-20243169-1 SUSE Bug#1229013 SUSE Mailing List [sle-updates] 2024-September#036820 SUSE Security Rating
postgresql14-server	HIGH	fixed	Security update for postgresql14 Vulnerability ID: SUSE-SU-2024:4176-1 Installed Version: 14.8-150200.5.26.1 Fixed Version: 14.15-150200.5.50.1 This update for postgresql14 fixes the following issues: - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). - CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325). - CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326). - CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327).	CVE-2024-10976 CVE-2024-10977 CVE-2024-10978 CVE-2024-10979 SU-20244176-1 SUSE Bug#1233323 SUSE Bug#1233325 SUSE Bug#1233326 SUSE Bug#1233327 SUSE Mailing List [sle-security-updates] 2024-December#019914 SUSE Security Rating
postgresql14-server	HIGH	fixed	Security update for postgresql14 Vulnerability ID: SUSE-SU-2025:0632-1 Installed Version: 14.8-150200.5.26.1 Fixed Version: 14.17-150200.5.55.1 This update for postgresql14 fixes the following issues: Upgrade to 14.17: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093).	CVE-2025-1094 SU-20250632-1 SUSE Bug#1237093 SUSE Mailing List [sle-security-updates] 2025-February#020405 SUSE Security Rating
postgresql14-server	MEDIUM	fixed	Security update for postgresql15 Vulnerability ID: SUSE-SU-2023:3348-1 Installed Version: 14.8-150200.5.26.1 Fixed Version: 14.9-150200.5.29.1 This update for postgresql15 fixes the following issues: - Update to 14.9 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059)	CVE-2023-39417 SU-20233348-1 SUSE Bug#1214059 SUSE Mailing List [sle-updates] 2023-August#031065 SUSE Security Rating
postgresql14-server	MEDIUM	fixed	Security update for postgresql14 Vulnerability ID: SUSE-SU-2025:01786-1 Installed Version: 14.8-150200.5.26.1 Fixed Version: 14.18-150200.5.58.1 This update for postgresql14 fixes the following issues: Upgrade to 14.18: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931)	CVE-2025-4207 SU-202501786-1 SUSE Bug#1242931 SUSE Mailing List [sle-updates] 2025-May#039474 SUSE Security Rating