{"affected":[{"ecosystem_specific":{"binaries":[{"libecpg6":"12.5-3.9.3","libpq5":"12.5-3.9.3","libpq5-32bit":"12.5-3.9.3"}]},"package":{"ecosystem":"SUSE:HPE Helion OpenStack 8","name":"postgresql12","purl":"pkg:rpm/suse/postgresql12&distro=HPE%20Helion%20OpenStack%208"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.5-3.9.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libecpg6":"12.5-3.9.3","libpq5":"12.5-3.9.3","libpq5-32bit":"12.5-3.9.3"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 7","name":"postgresql12","purl":"pkg:rpm/suse/postgresql12&distro=SUSE%20OpenStack%20Cloud%207"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.5-3.9.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libecpg6":"12.5-3.9.3","libpq5":"12.5-3.9.3","libpq5-32bit":"12.5-3.9.3"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 8","name":"postgresql12","purl":"pkg:rpm/suse/postgresql12&distro=SUSE%20OpenStack%20Cloud%208"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.5-3.9.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libecpg6":"12.5-3.9.3","libpq5":"12.5-3.9.3","libpq5-32bit":"12.5-3.9.3"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 9","name":"postgresql12","purl":"pkg:rpm/suse/postgresql12&distro=SUSE%20OpenStack%20Cloud%209"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.5-3.9.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libecpg6":"12.5-3.9.3","libpq5":"12.5-3.9.3","libpq5-32bit":"12.5-3.9.3"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud Crowbar 8","name":"postgresql12","purl":"pkg:rpm/suse/postgresql12&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.5-3.9.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libecpg6":"12.5-3.9.3","libpq5":"12.5-3.9.3","libpq5-32bit":"12.5-3.9.3"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud Crowbar 9","name":"postgresql12","purl":"pkg:rpm/suse/postgresql12&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.5-3.9.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libecpg6":"12.5-3.9.3","libpq5":"12.5-3.9.3","libpq5-32bit":"12.5-3.9.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"postgresql12","purl":"pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.5-3.9.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libecpg6":"12.5-3.9.3","libpq5":"12.5-3.9.3","libpq5-32bit":"12.5-3.9.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP3","name":"postgresql12","purl":"pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.5-3.9.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libecpg6":"12.5-3.9.3","libpq5":"12.5-3.9.3","libpq5-32bit":"12.5-3.9.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP4","name":"postgresql12","purl":"pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.5-3.9.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"postgresql12-devel":"12.5-3.9.3","postgresql12-server-devel":"12.5-3.9.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP5","name":"postgresql12","purl":"pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.5-3.9.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libecpg6":"12.5-3.9.3","libpq5":"12.5-3.9.3","libpq5-32bit":"12.5-3.9.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-LTSS","name":"postgresql12","purl":"pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.5-3.9.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libecpg6":"12.5-3.9.3","libpq5":"12.5-3.9.3","libpq5-32bit":"12.5-3.9.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-BCL","name":"postgresql12","purl":"pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.5-3.9.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libecpg6":"12.5-3.9.3","libpq5":"12.5-3.9.3","libpq5-32bit":"12.5-3.9.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP3-LTSS","name":"postgresql12","purl":"pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.5-3.9.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libecpg6":"12.5-3.9.3","libpq5":"12.5-3.9.3","libpq5-32bit":"12.5-3.9.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP3-BCL","name":"postgresql12","purl":"pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.5-3.9.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libecpg6":"12.5-3.9.3","libpq5":"12.5-3.9.3","libpq5-32bit":"12.5-3.9.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP4-LTSS","name":"postgresql12","purl":"pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.5-3.9.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libecpg6":"12.5-3.9.3","libpq5":"12.5-3.9.3","libpq5-32bit":"12.5-3.9.3","postgresql12":"12.5-3.9.3","postgresql12-contrib":"12.5-3.9.3","postgresql12-docs":"12.5-3.9.3","postgresql12-plperl":"12.5-3.9.3","postgresql12-plpython":"12.5-3.9.3","postgresql12-pltcl":"12.5-3.9.3","postgresql12-server":"12.5-3.9.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP5","name":"postgresql12","purl":"pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.5-3.9.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libecpg6":"12.5-3.9.3","libpq5":"12.5-3.9.3","libpq5-32bit":"12.5-3.9.3","postgresql12":"12.5-3.9.3","postgresql12-contrib":"12.5-3.9.3","postgresql12-docs":"12.5-3.9.3","postgresql12-plperl":"12.5-3.9.3","postgresql12-plpython":"12.5-3.9.3","postgresql12-pltcl":"12.5-3.9.3","postgresql12-server":"12.5-3.9.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP5","name":"postgresql12","purl":"pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.5-3.9.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libecpg6":"12.5-3.9.3","libpq5":"12.5-3.9.3","libpq5-32bit":"12.5-3.9.3"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 5","name":"postgresql12","purl":"pkg:rpm/suse/postgresql12&distro=SUSE%20Enterprise%20Storage%205"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12.5-3.9.3"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for postgresql12 fixes the following issues:\n\nUpgrade to version 12.5:\n\n* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD\n  and firing of deferred triggers within index expressions and\n  materialized view queries.\n* CVE-2020-25694, bsc#1178667:\n  a) Fix usage of complex connection-string parameters in pg_dump,\n  pg_restore, clusterdb, reindexdb, and vacuumdb.\n  b) When psql's \\connect command re-uses connection parameters,\n  ensure that all non-overridden parameters from a previous\n  connection string are re-used.\n* CVE-2020-25696, bsc#1178668: Prevent psql's \\gset command from\n  modifying specially-treated variables.\n* Fix recently-added timetz test case so it works when the USA\n  is not observing daylight savings time.\n  (obsoletes postgresql-timetz.patch)\n* https://www.postgresql.org/about/news/2111/\n* https://www.postgresql.org/docs/12/release-12-5.html\n\nThe previous postgresql12 update already addressed:\n\nUpdate to 12.4:\n\n* CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers\n* CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure.\n\n* https://www.postgresql.org/docs/12/release-12-4.html\n\n  ","id":"SUSE-SU-2020:3630-1","modified":"2020-12-04T16:09:07Z","published":"2020-12-04T16:09:07Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20203630-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1175193"},{"type":"REPORT","url":"https://bugzilla.suse.com/1175194"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178666"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178667"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178668"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-14349"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-14350"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25694"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25695"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25696"}],"related":["CVE-2020-14349","CVE-2020-14350","CVE-2020-25694","CVE-2020-25695","CVE-2020-25696"],"summary":"Security update for postgresql12","upstream":["CVE-2020-14349","CVE-2020-14350","CVE-2020-25694","CVE-2020-25695","CVE-2020-25696"]}