SUSE-FU-2022:2794-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-FU-2022:2794-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-FU-2022:2794-1
Related
Published
2022-08-12T09:14:03Z
Modified
2022-08-12T09:14:03Z
Summary
Feature update for ongres-scram, ongres-stringprep, postgresql-jdbc
Details

This feature update for ongres-scram, ongres-stringprep, postgresql-jdbc provides:

ongres-scram:

  • Upgrade from version 1.0.0-beta.2 to version 2.1. (jsc#SLE-23994)
    • Add standard SASLPrep (bsc#1196693, jsc#SLE-23994)
    • Failover to bouncy castle implementation of PBKDF2WithHmacSHA256 to support Oracle JDK 7
    • Updated saslprep to version 1.1 to remove a build dependency coming from the stringprep module

ongres-stringprep:

  • Introduce ongres-stringprep 1.1 as dependency of ongres-scram. (bsc#1196693, jsc#SLE-23994)

postgresql-jdbc:

  • CVE-2022-26520: Fixed arbitrary File Write Vulnerability (bsc#1197356)
  • Upgrade postgresql-jdbc from version 42.2.16 to version 42.2.25 (jsc#SLE-23994)
    • Use SASLprep normalization for SCRAM authentication and fixes issues with spaces in passwords. (bsc#1196693)
References

Affected packages

SUSE:Manager Server Module 4.2 / ongres-scram

Package

Name
ongres-scram
Purl
purl:rpm/suse/ongres-scram&distro=SUSE%20Manager%20Server%20Module%204.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1-150300.3.3.4

Ecosystem specific 

{
    "binaries": [
        {
            "ongres-scram": "2.1-150300.3.3.4",
            "postgresql-jdbc": "42.2.25-150300.3.5.2",
            "ongres-scram-client": "2.1-150300.3.3.4",
            "ongres-stringprep": "1.1-150300.7.3.4",
            "ongres-stringprep-saslprep": "1.1-150300.7.3.4"
        }
    ]
}

SUSE:Manager Server Module 4.2 / ongres-stringprep

Package

Name
ongres-stringprep
Purl
purl:rpm/suse/ongres-stringprep&distro=SUSE%20Manager%20Server%20Module%204.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1-150300.7.3.4

Ecosystem specific 

{
    "binaries": [
        {
            "ongres-scram": "2.1-150300.3.3.4",
            "postgresql-jdbc": "42.2.25-150300.3.5.2",
            "ongres-scram-client": "2.1-150300.3.3.4",
            "ongres-stringprep": "1.1-150300.7.3.4",
            "ongres-stringprep-saslprep": "1.1-150300.7.3.4"
        }
    ]
}

SUSE:Manager Server Module 4.2 / postgresql-jdbc

Package

Name
postgresql-jdbc
Purl
purl:rpm/suse/postgresql-jdbc&distro=SUSE%20Manager%20Server%20Module%204.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
42.2.25-150300.3.5.2

Ecosystem specific 

{
    "binaries": [
        {
            "ongres-scram": "2.1-150300.3.3.4",
            "postgresql-jdbc": "42.2.25-150300.3.5.2",
            "ongres-scram-client": "2.1-150300.3.3.4",
            "ongres-stringprep": "1.1-150300.7.3.4",
            "ongres-stringprep-saslprep": "1.1-150300.7.3.4"
        }
    ]
}

SUSE:Linux Enterprise Module for Server Applications 15 SP3 / ongres-scram

Package

Name
ongres-scram
Purl
purl:rpm/suse/ongres-scram&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1-150300.3.3.4

Ecosystem specific 

{
    "binaries": [
        {
            "ongres-scram": "2.1-150300.3.3.4",
            "postgresql-jdbc": "42.2.25-150300.3.5.2",
            "ongres-scram-client": "2.1-150300.3.3.4",
            "ongres-stringprep": "1.1-150300.7.3.4",
            "ongres-stringprep-saslprep": "1.1-150300.7.3.4"
        }
    ]
}

SUSE:Linux Enterprise Module for Server Applications 15 SP3 / ongres-stringprep

Package

Name
ongres-stringprep
Purl
purl:rpm/suse/ongres-stringprep&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1-150300.7.3.4

Ecosystem specific 

{
    "binaries": [
        {
            "ongres-scram": "2.1-150300.3.3.4",
            "postgresql-jdbc": "42.2.25-150300.3.5.2",
            "ongres-scram-client": "2.1-150300.3.3.4",
            "ongres-stringprep": "1.1-150300.7.3.4",
            "ongres-stringprep-saslprep": "1.1-150300.7.3.4"
        }
    ]
}

SUSE:Linux Enterprise Module for Server Applications 15 SP3 / postgresql-jdbc

Package

Name
postgresql-jdbc
Purl
purl:rpm/suse/postgresql-jdbc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
42.2.25-150300.3.5.2

Ecosystem specific 

{
    "binaries": [
        {
            "ongres-scram": "2.1-150300.3.3.4",
            "postgresql-jdbc": "42.2.25-150300.3.5.2",
            "ongres-scram-client": "2.1-150300.3.3.4",
            "ongres-stringprep": "1.1-150300.7.3.4",
            "ongres-stringprep-saslprep": "1.1-150300.7.3.4"
        }
    ]
}

openSUSE:Leap 15.3 / ongres-scram

Package

Name
ongres-scram
Purl
purl:rpm/suse/ongres-scram&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1-150300.3.3.4

Ecosystem specific 

{
    "binaries": [
        {
            "ongres-scram": "2.1-150300.3.3.4",
            "ongres-stringprep-codegenerator": "1.1-150300.7.3.4",
            "ongres-scram-parent": "2.1-150300.3.3.4",
            "postgresql-jdbc": "42.2.25-150300.3.5.2",
            "ongres-stringprep": "1.1-150300.7.3.4",
            "ongres-stringprep-parent": "1.1-150300.7.3.4",
            "ongres-stringprep-javadoc": "1.1-150300.7.3.4",
            "postgresql-jdbc-javadoc": "42.2.25-150300.3.5.2",
            "ongres-scram-javadoc": "2.1-150300.3.3.4",
            "ongres-scram-client": "2.1-150300.3.3.4",
            "ongres-stringprep-saslprep": "1.1-150300.7.3.4"
        }
    ]
}

openSUSE:Leap 15.3 / ongres-stringprep

Package

Name
ongres-stringprep
Purl
purl:rpm/suse/ongres-stringprep&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1-150300.7.3.4

Ecosystem specific 

{
    "binaries": [
        {
            "ongres-scram": "2.1-150300.3.3.4",
            "ongres-stringprep-codegenerator": "1.1-150300.7.3.4",
            "ongres-scram-parent": "2.1-150300.3.3.4",
            "postgresql-jdbc": "42.2.25-150300.3.5.2",
            "ongres-stringprep": "1.1-150300.7.3.4",
            "ongres-stringprep-parent": "1.1-150300.7.3.4",
            "ongres-stringprep-javadoc": "1.1-150300.7.3.4",
            "postgresql-jdbc-javadoc": "42.2.25-150300.3.5.2",
            "ongres-scram-javadoc": "2.1-150300.3.3.4",
            "ongres-scram-client": "2.1-150300.3.3.4",
            "ongres-stringprep-saslprep": "1.1-150300.7.3.4"
        }
    ]
}

openSUSE:Leap 15.3 / postgresql-jdbc

Package

Name
postgresql-jdbc
Purl
purl:rpm/suse/postgresql-jdbc&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
42.2.25-150300.3.5.2

Ecosystem specific 

{
    "binaries": [
        {
            "ongres-scram": "2.1-150300.3.3.4",
            "ongres-stringprep-codegenerator": "1.1-150300.7.3.4",
            "ongres-scram-parent": "2.1-150300.3.3.4",
            "postgresql-jdbc": "42.2.25-150300.3.5.2",
            "ongres-stringprep": "1.1-150300.7.3.4",
            "ongres-stringprep-parent": "1.1-150300.7.3.4",
            "ongres-stringprep-javadoc": "1.1-150300.7.3.4",
            "postgresql-jdbc-javadoc": "42.2.25-150300.3.5.2",
            "ongres-scram-javadoc": "2.1-150300.3.3.4",
            "ongres-scram-client": "2.1-150300.3.3.4",
            "ongres-stringprep-saslprep": "1.1-150300.7.3.4"
        }
    ]
}