Overview

File _patchinfo of Package patchinfo.35500

<patchinfo incident="35500">
  <issue tracker="bnc" id="1224038">VUL-0: CVE-2024-4317: postgresql14,postgresql15,postgresql16: Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table owner</issue>
  <issue tracker="bnc" id="1229013">VUL-0: CVE-2024-7348: postgresql: time-of-check time-of-use (TOCTOU) race condition in pg_dump allows an object creator to execute arbitrary SQL functions as the user running pg_dump</issue>
  <issue tracker="bnc" id="1224051">PostgreSQL bugfix releases May 2024</issue>
  <issue tracker="cve" id="2024-4317"/>
  <issue tracker="cve" id="2024-7348"/>
  <packager>rmax</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for postgresql16</summary>
  <description>This update for postgresql16 fixes the following issues:

- Upgrade to 16.4 (bsc#1229013)
- CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)
- CVE-2024-4317: Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table owner. See the release notes for the steps that have to be taken to fix existing PostgreSQL instances. (bsc#1224038)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places