Feature update for ongres-scram, ongres-stringprep, postgresql-jdbc
Announcement ID: | SUSE-FU-2022:2794-1 |
---|---|
Rating: | moderate |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves one vulnerability, contains one feature and has one fix can now be installed.
Description:
This feature update for ongres-scram, ongres-stringprep, postgresql-jdbc provides:
ongres-scram:
- Upgrade from version 1.0.0-beta.2 to version 2.1. (jsc#SLE-23994)
- Add standard
SASLPrep
(bsc#1196693, jsc#SLE-23994) - Failover to bouncy castle implementation of
PBKDF2WithHmacSHA256
to support Oracle JDK 7 - Updated
saslprep
to version 1.1 to remove a build dependency coming from thestringprep
module
ongres-stringprep:
- Introduce
ongres-stringprep
1.1 as dependency ofongres-scram
. (bsc#1196693, jsc#SLE-23994)
postgresql-jdbc:
- CVE-2022-26520: Fixed arbitrary File Write Vulnerability (bsc#1197356)
- Upgrade postgresql-jdbc from version 42.2.16 to version 42.2.25 (jsc#SLE-23994)
- Use
SASLprep
normalization for SCRAM authentication and fixes issues with spaces in passwords. (bsc#1196693)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.3
zypper in -t patch SUSE-2022-2794=1
-
Server Applications Module 15-SP3
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2794=1
-
SUSE Manager Server 4.2 Module 4.2
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2794=1
Package List:
-
openSUSE Leap 15.3 (noarch)
- ongres-stringprep-saslprep-1.1-150300.7.3.4
- ongres-stringprep-javadoc-1.1-150300.7.3.4
- ongres-stringprep-parent-1.1-150300.7.3.4
- ongres-stringprep-codegenerator-1.1-150300.7.3.4
- postgresql-jdbc-42.2.25-150300.3.5.2
- ongres-scram-2.1-150300.3.3.4
- ongres-scram-parent-2.1-150300.3.3.4
- ongres-scram-client-2.1-150300.3.3.4
- ongres-stringprep-1.1-150300.7.3.4
- ongres-scram-javadoc-2.1-150300.3.3.4
- postgresql-jdbc-javadoc-42.2.25-150300.3.5.2
-
Server Applications Module 15-SP3 (noarch)
- ongres-stringprep-saslprep-1.1-150300.7.3.4
- postgresql-jdbc-42.2.25-150300.3.5.2
- ongres-scram-2.1-150300.3.3.4
- ongres-scram-client-2.1-150300.3.3.4
- ongres-stringprep-1.1-150300.7.3.4
-
SUSE Manager Server 4.2 Module 4.2 (noarch)
- ongres-stringprep-saslprep-1.1-150300.7.3.4
- postgresql-jdbc-42.2.25-150300.3.5.2
- ongres-scram-2.1-150300.3.3.4
- ongres-scram-client-2.1-150300.3.3.4
- ongres-stringprep-1.1-150300.7.3.4