CVE-2018-10936 (GCVE-0-2018-10936)
Vulnerability from cvelistv5
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.securityfocus.com/bid/105220 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936 | Issue Tracking, Mitigation, Third Party Advisory | |
secalert@redhat.com | https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E | ||
secalert@redhat.com | https://www.postgresql.org/about/news/1883/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105220 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936 | Issue Tracking, Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.postgresql.org/about/news/1883/ | Vendor Advisory |
Vendor | Product | Version |
---|---|---|
[UNKNOWN] | PostgreSQL | Version: 42.2.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:54:36.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105220", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105220" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.postgresql.org/about/news/1883/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936" }, { "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "PostgreSQL", "vendor": "[UNKNOWN]", "versions": [ { "status": "affected", "version": "42.2.5" } ] } ], "datePublic": "2018-08-27T00:00:00", "descriptions": [ { "lang": "en", "value": "A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-297", "description": "CWE-297", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-16T01:06:54", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "105220", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105220" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.postgresql.org/about/news/1883/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936" }, { "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-10936", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "PostgreSQL", "version": { "version_data": [ { "version_value": "42.2.5" } ] } } ] }, "vendor_name": "[UNKNOWN]" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. 
This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA." } ] }, "impact": { "cvss": [ [ { "vectorString": "8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-297" } ] } ] }, "references": { "reference_data": [ { "name": "105220", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105220" }, { "name": "https://www.postgresql.org/about/news/1883/", "refsource": "CONFIRM", "url": "https://www.postgresql.org/about/news/1883/" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936" }, { "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-10936", "datePublished": "2018-08-30T13:00:00", "dateReserved": "2018-05-09T00:00:00", "dateUpdated": "2024-08-05T07:54:36.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-10936\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-08-30T13:29:00.377\",\"lastModified\":\"2024-11-21T03:42:20.793\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. 
This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto una debilidad en versiones anteriores a la 42.2.5 de postgresql-jdbc. Era posible proporcionar un SSL Factory y no comprobar el nombre de host si no se ha proporcionado un verificador de nombres de host al controlador. Esto podr\u00eda conducir a una situaci\u00f3n en la que un atacante Man-in-the-Middle (MitM) podr\u00eda ocultarse como servidor fiable proporcionando un certificado para el host equivocado, siempre y cuando est\u00e9 firmado por una AC v\u00e1lida.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentiality
Impact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-297\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-297\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"42.2.5\",\"matchCriteriaId\":\"3F40CBED-E139-40E9-951F-6DF044BCEA05\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105220\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.postgresql.org/about/news/1883/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105220\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB 
Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.postgresql.org/about/news/1883/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
gsd-2018-10936
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2018-10936", "description": "A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.", "id": "GSD-2018-10936", "references": [ "https://www.suse.com/security/cve/CVE-2018-10936.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2018-10936" ], "details": "A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.", "id": "GSD-2018-10936", "modified": "2023-12-13T01:22:41.024794Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-10936", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "PostgreSQL", "version": { "version_data": [ { "version_value": "42.2.5" } ] } } ] }, "vendor_name": "[UNKNOWN]" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. 
This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA." } ] }, "impact": { "cvss": [ [ { "vectorString": "8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-297" } ] } ] }, "references": { "reference_data": [ { "name": "105220", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105220" }, { "name": "https://www.postgresql.org/about/news/1883/", "refsource": "CONFIRM", "url": "https://www.postgresql.org/about/news/1883/" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936" }, { "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "(,42.2.5)", "affected_versions": "All versions before 42.2.5", "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-297", "CWE-937" ], "date": "2021-01-08", "description": "A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. 
This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.", "fixed_versions": [ "42.2.5" ], "identifier": "CVE-2018-10936", "identifiers": [ "GHSA-568q-9fw5-28wf", "CVE-2018-10936" ], "not_impacted": "All versions starting from 42.2.5", "package_slug": "maven/org.postgresql/pgjdbc-aggregate", "pubdate": "2018-10-19", "solution": "Upgrade to version 42.2.5 or above.", "title": "Improper Validation of Certificate with Host Mismatch", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-10936", "https://github.com/advisories/GHSA-568q-9fw5-28wf" ], "uuid": "3c77f1f4-eaa2-48c4-b90a-2b4cbea59369" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "42.2.5", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-10936" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-297" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.postgresql.org/about/news/1883/", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://www.postgresql.org/about/news/1883/" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936", "refsource": "CONFIRM", "tags": [ "Mitigation", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936" }, { "name": "105220", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105220" }, { "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.9 } }, "lastModifiedDate": "2020-10-15T13:28Z", 
"publishedDate": "2018-08-30T13:29Z" } } }
cnvd-2020-02192
Vulnerability from cnvd
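Title: PostgreSQL JDBC man-in-the-middle security bypass vulnerability
Description:
PostgreSQL JDBC is a database driver.
A security vulnerability exists in PostgreSQL JDBC versions before 42.2.5. The vulnerability stems from the Postgres JDBC driver not verifying the host name by default. An attacker can exploit this vulnerability to impersonate a trusted server by presenting a certificate for the wrong host.
Severity: Medium
Patch Name: Patch for the PostgreSQL JDBC man-in-the-middle security bypass vulnerability
Patch Description:
PostgreSQL JDBC is a database driver.
A security vulnerability exists in PostgreSQL JDBC versions before 42.2.5. The vulnerability stems from the Postgres JDBC driver not verifying the host name by default. An attacker can exploit this vulnerability to impersonate a trusted server by presenting a certificate for the wrong host. The vendor has now released a security advisory and related patch information that fix this vulnerability.
Formal description:
The vendor has released an upgrade patch to fix the vulnerability. Patch link: https://www.postgresql.org/about/news/1883/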
Reference: https://www.postgresql.org/about/news/1883/
Name | PostgreSQL postgresql-jdbc <42.2.5 |
---|
{ "cves": { "cve": { "cveNumber": "CVE-2018-10936", "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10936" } }, "description": "PostgreSQL JDBC\u662f\u4e00\u4e2a\u6570\u636e\u5e93\u9a71\u52a8\u7a0b\u5e8f\u3002\n\nPostgreSQL JDBC 42.2.5\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8ePostgres JDBC\u9a71\u52a8\u7a0b\u5e8f\u5728\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u6ca1\u6709\u68c0\u9a8c\u4e3b\u673a\u540d\u79f0\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u9519\u8bef\u7684\u4e3b\u673a\u63d0\u4ea4\u8bc1\u4e66\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020\u53ef\u4fe1\u7684\u670d\u52a1\u5668\u3002", "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.postgresql.org/about/news/1883/", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2020-02192", "openTime": "2020-01-14", "patchDescription": "PostgreSQL JDBC\u662f\u4e00\u4e2a\u6570\u636e\u5e93\u9a71\u52a8\u7a0b\u5e8f\u3002\r\n\r\nPostgreSQL JDBC 42.2.5\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8ePostgres JDBC\u9a71\u52a8\u7a0b\u5e8f\u5728\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u6ca1\u6709\u68c0\u9a8c\u4e3b\u673a\u540d\u79f0\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u9519\u8bef\u7684\u4e3b\u673a\u63d0\u4ea4\u8bc1\u4e66\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020\u53ef\u4fe1\u7684\u670d\u52a1\u5668\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "PostgreSQL JDBC\u4e2d\u95f4\u4eba\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01", "products": { "product": "PostgreSQL postgresql-jdbc \u003c42.2.5" }, "referenceLink": "https://www.postgresql.org/about/news/1883/", "serverity": "\u4e2d", "submitTime": "2018-09-05", "title": 
"PostgreSQL JDBC\u4e2d\u95f4\u4eba\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e" }
fkie_cve-2018-10936
Vulnerability from fkie_nvd
8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.securityfocus.com/bid/105220 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936 | Issue Tracking, Mitigation, Third Party Advisory | |
secalert@redhat.com | https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E | ||
secalert@redhat.com | https://www.postgresql.org/about/news/1883/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105220 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936 | Issue Tracking, Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.postgresql.org/about/news/1883/ | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
postgresql | postgresql_jdbc_driver | * | |
redhat | enterprise_linux | 6.0 | |
redhat | enterprise_linux | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F40CBED-E139-40E9-951F-6DF044BCEA05", "versionEndExcluding": "42.2.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA." }, { "lang": "es", "value": "Se ha descubierto una debilidad en versiones anteriores a la 42.2.5 de postgresql-jdbc. Era posible proporcionar un SSL Factory y no comprobar el nombre de host si no se ha proporcionado un verificador de nombres de host al controlador. Esto podr\u00eda conducir a una situaci\u00f3n en la que un atacante Man-in-the-Middle (MitM) podr\u00eda ocultarse como servidor fiable proporcionando un certificado para el host equivocado, siempre y cuando est\u00e9 firmado por una AC v\u00e1lida." 
} ], "id": "CVE-2018-10936", "lastModified": "2024-11-21T03:42:20.793", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-30T13:29:00.377", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105220" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Mitigation", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936" }, { "source": 
"secalert@redhat.com", "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://www.postgresql.org/about/news/1883/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mitigation", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.postgresql.org/about/news/1883/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-297" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-297" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
ghsa-568q-9fw5-28wf
Vulnerability from github
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.postgresql:pgjdbc-aggregate" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "42.2.5" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2018-10936" ], "database_specific": { "cwe_ids": [ "CWE-297" ], "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:00:08Z", "nvd_published_at": null, "severity": "MODERATE" }, "details": "A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.", "id": "GHSA-568q-9fw5-28wf", "modified": "2020-06-16T21:00:08Z", "published": "2018-10-19T16:53:33Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10936" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-568q-9fw5-28wf" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" }, { "type": "WEB", "url": "https://www.postgresql.org/about/news/1883" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/105220" } ], "schema_version": "1.4.0", "severity": [], "summary": "Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate" }
suse-su-2020:3466-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for SUSE Manager Server 4.0", "title": "Title of the patch" }, { "category": "description", "text": "\nThis update fixes the following issues:\n\nbind-formula:\n\n- Temporarily disable dnssec-validation as hotfix for bsc#1177790\n- Update to version 0.1.1603299886.60e4bcf\n\ngrafana-formula:\n\n- Use variable for product name\n- Add support for system groups in Client Systems dashboard\n\npostgresql-jdbc:\n\n- Address CVE-2020-13692 (bsc#1172079)\n- Add patch:\n- Major changes since 9.4-1200:\n * License changed to BSD-2-Clause and BSD-3-Clause and Apache-2.0\n * Support PostgreSQL 9.5, 9.6, 10 11 and 12 added\n * Support for PostgreSQL versions below 8.2 was dropped\n * Support for JDK8, JDK9, JDK10, JDK11 and JDK12\n * Support for JDK 1.4 and 1.5 was dropped\n * Support for JDBC 4.2 added\n * Add maxResultBuffer property\n * Add caller push of binary data\n * Read only transactions\n * pkcs12 key functionality\n * New \u0027escapeSyntaxCallMode\u0027 connection property\n * Connection property to limit server error detail in exception\n exceptions\n * CancelQuery() to PGConnection public interface\n * Support for large update counts (JDBC 4.2)\n * Add Binary Support for Oid.NUMERIC and Oid.NUMERIC_ARRAY\n * Expose parameter status messages (GUC_REPORT) to the user\n * Log ignoring rollback when no transaction in progress\n * Map inet type to InetAddress\n * Change ISGENERATED to ISGENERATEDCOLUMN as per spec\n * Support temporary replication slots in ReplicationCreateSlotBuilder\n * Return function (PostgreSQL 11) columns in PgDatabaseMetaData#getFunctionColumns\n * 
Return information on create replication slot, now the snapshot_name\n is exported to allow a consistent snapshot in some uses cases\n * `ssl=true` implies `sslmode=verify-full`, that is it requires valid\n server certificate\n * Support for `sslmode=allow/prefer/require`\n * Added server hostname verification for non-default SSL factories in\n `sslmode=verify-full` (CVE-2018-10936)\n * PreparedStatement.setNull(int parameterIndex, int t, String typeName)\n no longer ignores the typeName argument if it is not setNull\n * Reduce the severity of the error log messages when an exception is\n re-thrown. The error will be thrown to caller to be dealt with so no need\n to log at this verbosity by pgjdbc\n * Deprecate Fastpath API PR 903\n * Support parenthesis in {oj ...} JDBC escape syntax\n * socksProxyHost is ignored in case it contains empty string\n * Support SCRAM-SHA-256 for PostgreSQL 10 in the JDBC 4.2 version (Java 8+)\n using the Ongres SCRAM library\n * Make SELECT INTO and CREATE TABLE AS return row counts to the client in\n their command tags\n * Support Subject Alternative Names for SSL connections\n * Support isAutoIncrement metadata for PostgreSQL 10 IDENTITY column\n * Support for primitive arrays PR 887 3e0491a\n * Implement support for get/setNetworkTimeout() in connections\n * Make GSS JAAS login optional, add an option \u0027jaasLogin\u0027\n * Improve behaviour of ResultSet.getObject(int, Class)\n * Parse CommandComplete message using a regular expression, allows complete\n catch of server returned commands for INSERT, UPDATE, DELETE, SELECT,\n FETCH, MOVE,COPY and future commands.\n * Use \u0027time with timezone\u0027 and \u0027timestamp with timezone\u0027 as is and ignore the\n user provided Calendars, \u0027time\u0027 and \u0027timestamp\u0027 work as earlier except\n \u002700:00:00\u0027 now maps to 1970-01-01 and \u002724:00:00\u0027 uses the system provided\n Calendar ignoring the user-provided one\n * Change behaviour of multihost 
connection. The new behaviour is to try all\n secondaries first before trying the master\n * Drop support for the (insecure) crypt authentication method\n * slave and preferSlave values for the targetServerType connection property\n have been deprecated in favour of secondary and preferSecondary\n respectively\n * Statements with non-zero fetchSize no longer require server-side\n named handle. This might cause issues when using old PostgreSQL versions\n (pre-8.4)+fetchSize+interleaved ResultSet processing combo\n * Better logic for returning keyword detection. Previously, pgjdbc could be\n defeated by column names that contain returning, so pgjdbc failed to\n \u0027return generated keys\u0027 as it considered statement as already having\n returning keyword\n * Use server-prepared statements for batch inserts when prepareThreshold\u003e0.\n This enables batch to use server-prepared from the first executeBatch()\n execution (previously it waited for prepareThreshold executeBatch() calls)\n * Replication protocol API was added: replication API documentation\n * java.util.logging is now used for logging: logging documentation\n * Add support for PreparedStatement.setCharacterStream(int, Reader)\n * Ensure executeBatch() can be used with pgbouncer. 
Previously pgjdbc could\n use server-prepared statements for batch execution even with\n prepareThreshold=0\n * Error position is displayed when SQL has unterminated literals,\n comments, etc\n * Strict handling of accepted values in getBoolean and setObject(BOOLEAN),\n now it follows PostgreSQL accepted values, only 1 and 0 for numeric types\n are accepted (previously !=0 was true)\n * Deprecated PGPoolingDataSource, instead of this class you should use a\n fully featured connection pool like HikariCP, vibur-dbcp, commons-dbcp,\n c3p0, etc\n * \u0027current transaction is aborted\u0027 exception includes the original exception\n via caused-by chain\n * Better support for RETURNGENERATEDKEYS, statements with RETURNING clause\n * Avoid user-visible prepared-statement errors if client uses\n DEALLOCATE/DISCARD statements (invalidate cache when those statements\n detected)\n * Avoid user-visible prepared-statement errors if client changes searchpath\n (invalidate cache when set searchpath detected)\n * Support comments when replacing {fn ...} JDBC syntax\n * Support for Types.REF_CURSOR\n * Performance optimization for timestamps (~TimeZone.getDefault optimization)\n * Ability to customize socket factory (e.g. 
for unix domain sockets)\n * Ignore empty sub-queries in composite queries\n * Add equality support to PSQLState\n * Improved composite/array type support and type naming changes.\n- Update to version 42.2.10\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.10\n- Update to version 42.2.9\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.9\n- Update to version 42.2.8\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.8\n- Update to version 42.2.7\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.7\n- Update to version 42.2.6\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.6\n- Update to version 42.2.5\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.5\n- Update to version 42.2.4\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.4\n- Update to version 42.2.3\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.3\n- Update to version 42.2.2\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.2\n- Update to version 42.2.1\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.1\n- Update to version 42.2.0\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.0\n- Update to version 42.1.4\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.4\n- Update to version 42.1.3\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.3\n- Update to version 42.1.2\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.2\n- Update to version 42.1.1\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.1\n- Update to version 42.1.0\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.1\n- Update to version 42.2.0\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.0\n- Update to version 9.4.1211\n * 
https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1211\n- Update to version 9.4.1210\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1210\n- Update to version 9.4.1209\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1209\n- Update to version 9.4.1208\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1208\n- Update to version 9.4.1207\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1207\n- Update to version 9.4.1206\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1206\n- Update to version 9.4.1205\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1204\n- Update to version 9.4.1204\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1204\n- Update to version 9.4.1203\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1203\n- Update to version 9.4.1202\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1202\n- Update to version 9.4.1201\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1201\n\nprometheus-exporters-formula:\n\n- Fix empty directory values initialization\n- Disable reverse proxy on default\n\nprometheus-formula:\n\n- Update to version 0.2.3\n- Disable Alertmanager clustering (bsc#1178145)\n- Update to version 0.2.2\n- Use variable for product name\n\nsalt-netapi-client:\n\n- Version 0.18.0\n See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.18.0\n\nspacewalk-admin:\n\n- Use the license macro to mark the LICENSE in the package so that\n when installing without docs, it does install the LICENSE file\n- Prevent javax.net.ssl.SSLHandshakeException after upgrading from\n SUSE Manager 3.2 (bsc#1177435)\n\nspacewalk-backend:\n\n- ISS: Differentiate packages with same nevra but different checksum in the same channel (bsc#1178195)\n- Fix unique machine_id detection 
(bsc#1176074)\n\nspacewalk-java:\n\n- Revert: Sync state modules when starting action chain execution (bsc#1177336)\n- Sync state modules when starting action chain execution (bsc#1177336)\n- Fix repo url of AppStream in generated RHEL/Centos 8 kickstart file (bsc#1175739)\n- Log token verify errors and check for expired tokens\n- Execute Salt SSH actions in parallel (bsc#1173199)\n- Take pool and volume from Salt virt.vm_info for files and blocks disks (bsc#1175987)\n- Fix action chain resuming when patches updating salt-minion don\u0027t cause service to be\n restarted (bsc#1144447)\n- Renaming autoinstall distro didn\u0027t change the name of the Cobbler distro (bsc#1175876)\n\nspacewalk-web:\n\n- Fix link to documentation in Admin -\u003e Manager Configuration -\u003e Monitoring (bsc#1176172)\n- Don\u0027t allow selecting spice for Xen PV and PVH guests\n\nsusemanager:\n\n- Add --force to mgr-create-bootstrap-repo to enforce generation\n even when some products are not synchronized\n\nsusemanager-schema:\n\n- Execute Salt SSH actions in parallel (bsc#1173199)\n\nsusemanager-sls:\n\n- Revert: Sync state modules when starting action chain execution (bsc#1177336)\n- Sync state modules when starting action chain execution (bsc#1177336)\n- Fix grub2 autoinstall kernel path (bsc#1178060)\n- Move channel token information from sources.list to auth.conf on Debian 10 and Ubuntu 18 and newer\n- Fix action chain resuming when patches updating salt-minion don\u0027t cause service to be\n restarted (bsc#1144447)\n- Make grub2 autoinstall kernel path relative to the boot partition root (bsc#1175876)\n\nHow to apply this update:\n1. Log in as root user to the SUSE Manager server.\n2. Stop the Spacewalk service:\nspacewalk-service stop\n3. Apply the patch using either zypper patch or YaST Online Update.\n4. Upgrade the database schema:\nspacewalk-schema-upgrade\n5. 
Start the Spacewalk service:\nspacewalk-service start\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2020-3466,SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-3466", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3466-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2020:3466-1", "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203466-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2020:3466-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007827.html" }, { "category": "self", "summary": "SUSE Bug 1144447", "url": "https://bugzilla.suse.com/1144447" }, { "category": "self", "summary": "SUSE Bug 1172079", "url": "https://bugzilla.suse.com/1172079" }, { "category": "self", "summary": "SUSE Bug 1173199", "url": "https://bugzilla.suse.com/1173199" }, { "category": "self", "summary": "SUSE Bug 1175739", "url": "https://bugzilla.suse.com/1175739" }, { "category": "self", "summary": "SUSE Bug 1175876", "url": "https://bugzilla.suse.com/1175876" }, { "category": "self", "summary": "SUSE Bug 1175987", "url": "https://bugzilla.suse.com/1175987" }, { "category": "self", "summary": "SUSE Bug 1176074", "url": "https://bugzilla.suse.com/1176074" }, { "category": "self", "summary": "SUSE Bug 1176172", "url": "https://bugzilla.suse.com/1176172" }, { "category": "self", "summary": 
"SUSE Bug 1177336", "url": "https://bugzilla.suse.com/1177336" }, { "category": "self", "summary": "SUSE Bug 1177435", "url": "https://bugzilla.suse.com/1177435" }, { "category": "self", "summary": "SUSE Bug 1177790", "url": "https://bugzilla.suse.com/1177790" }, { "category": "self", "summary": "SUSE Bug 1178060", "url": "https://bugzilla.suse.com/1178060" }, { "category": "self", "summary": "SUSE Bug 1178145", "url": "https://bugzilla.suse.com/1178145" }, { "category": "self", "summary": "SUSE Bug 1178195", "url": "https://bugzilla.suse.com/1178195" }, { "category": "self", "summary": "SUSE CVE CVE-2018-10936 page", "url": "https://www.suse.com/security/cve/CVE-2018-10936/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-13692 page", "url": "https://www.suse.com/security/cve/CVE-2020-13692/" } ], "title": "Security update for SUSE Manager Server 4.0", "tracking": { "current_release_date": "2020-11-20T14:06:24Z", "generator": { "date": "2020-11-20T14:06:24Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2020:3466-1", "initial_release_date": "2020-11-20T14:06:24Z", "revision_history": [ { "date": "2020-11-20T14:06:24Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "susemanager-4.0.32-3.46.1.aarch64", "product": { "name": "susemanager-4.0.32-3.46.1.aarch64", "product_id": "susemanager-4.0.32-3.46.1.aarch64" } }, { "category": "product_version", "name": "susemanager-tools-4.0.32-3.46.1.aarch64", "product": { "name": "susemanager-tools-4.0.32-3.46.1.aarch64", "product_id": "susemanager-tools-4.0.32-3.46.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", "product": { "name": "bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", "product_id": 
"bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch" } }, { "category": "product_version", "name": "grafana-formula-0.2.2-4.13.1.noarch", "product": { "name": "grafana-formula-0.2.2-4.13.1.noarch", "product_id": "grafana-formula-0.2.2-4.13.1.noarch" } }, { "category": "product_version", "name": "postgresql-jdbc-42.2.10-3.3.1.noarch", "product": { "name": "postgresql-jdbc-42.2.10-3.3.1.noarch", "product_id": "postgresql-jdbc-42.2.10-3.3.1.noarch" } }, { "category": "product_version", "name": "postgresql-jdbc-kit-ec0cc5fc6bd7ad735992aa662a7953e45a9faf52-4.3.1.noarch", "product": { "name": "postgresql-jdbc-kit-ec0cc5fc6bd7ad735992aa662a7953e45a9faf52-4.3.1.noarch", "product_id": "postgresql-jdbc-kit-ec0cc5fc6bd7ad735992aa662a7953e45a9faf52-4.3.1.noarch" } }, { "category": "product_version", "name": "prometheus-exporters-formula-0.7.5-3.16.1.noarch", "product": { "name": "prometheus-exporters-formula-0.7.5-3.16.1.noarch", "product_id": "prometheus-exporters-formula-0.7.5-3.16.1.noarch" } }, { "category": "product_version", "name": "prometheus-formula-0.2.3-4.16.1.noarch", "product": { "name": "prometheus-formula-0.2.3-4.16.1.noarch", "product_id": "prometheus-formula-0.2.3-4.16.1.noarch" } }, { "category": "product_version", "name": "python2-zypp-plugin-spacewalk-1.0.8-3.14.1.noarch", "product": { "name": "python2-zypp-plugin-spacewalk-1.0.8-3.14.1.noarch", "product_id": "python2-zypp-plugin-spacewalk-1.0.8-3.14.1.noarch" } }, { "category": "product_version", "name": "python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", "product": { "name": "python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", "product_id": "python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch" } }, { "category": "product_version", "name": "python3-zypp-plugin-spacewalk-1.0.8-3.14.1.noarch", "product": { "name": "python3-zypp-plugin-spacewalk-1.0.8-3.14.1.noarch", "product_id": "python3-zypp-plugin-spacewalk-1.0.8-3.14.1.noarch" } }, { "category": "product_version", "name": 
"salt-netapi-client-0.18.0-4.12.1.noarch", "product": { "name": "salt-netapi-client-0.18.0-4.12.1.noarch", "product_id": "salt-netapi-client-0.18.0-4.12.1.noarch" } }, { "category": "product_version", "name": "spacewalk-admin-4.0.12-3.15.1.noarch", "product": { "name": "spacewalk-admin-4.0.12-3.15.1.noarch", "product_id": "spacewalk-admin-4.0.12-3.15.1.noarch" } }, { "category": "product_version", "name": "spacewalk-backend-4.0.35-3.38.1.noarch", "product": { "name": "spacewalk-backend-4.0.35-3.38.1.noarch", "product_id": "spacewalk-backend-4.0.35-3.38.1.noarch" } }, { "category": "product_version", "name": "spacewalk-backend-app-4.0.35-3.38.1.noarch", "product": { "name": "spacewalk-backend-app-4.0.35-3.38.1.noarch", "product_id": "spacewalk-backend-app-4.0.35-3.38.1.noarch" } }, { "category": "product_version", "name": "spacewalk-backend-applet-4.0.35-3.38.1.noarch", "product": { "name": "spacewalk-backend-applet-4.0.35-3.38.1.noarch", "product_id": "spacewalk-backend-applet-4.0.35-3.38.1.noarch" } }, { "category": "product_version", "name": "spacewalk-backend-cdn-4.0.35-3.38.1.noarch", "product": { "name": "spacewalk-backend-cdn-4.0.35-3.38.1.noarch", "product_id": "spacewalk-backend-cdn-4.0.35-3.38.1.noarch" } }, { "category": "product_version", "name": "spacewalk-backend-config-files-4.0.35-3.38.1.noarch", "product": { "name": "spacewalk-backend-config-files-4.0.35-3.38.1.noarch", "product_id": "spacewalk-backend-config-files-4.0.35-3.38.1.noarch" } }, { "category": "product_version", "name": "spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", "product": { "name": "spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", "product_id": "spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch" } }, { "category": "product_version", "name": "spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", "product": { "name": "spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", "product_id": 
"spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch" } }, { "category": "product_version", "name": "spacewalk-backend-iss-4.0.35-3.38.1.noarch", "product": { "name": "spacewalk-backend-iss-4.0.35-3.38.1.noarch", "product_id": "spacewalk-backend-iss-4.0.35-3.38.1.noarch" } }, { "category": "product_version", "name": "spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", "product": { "name": "spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", "product_id": "spacewalk-backend-iss-export-4.0.35-3.38.1.noarch" } }, { "category": "product_version", "name": "spacewalk-backend-libs-4.0.35-3.38.1.noarch", "product": { "name": "spacewalk-backend-libs-4.0.35-3.38.1.noarch", "product_id": "spacewalk-backend-libs-4.0.35-3.38.1.noarch" } }, { "category": "product_version", "name": "spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", "product": { "name": "spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", "product_id": "spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch" } }, { "category": "product_version", "name": "spacewalk-backend-server-4.0.35-3.38.1.noarch", "product": { "name": "spacewalk-backend-server-4.0.35-3.38.1.noarch", "product_id": "spacewalk-backend-server-4.0.35-3.38.1.noarch" } }, { "category": "product_version", "name": "spacewalk-backend-sql-4.0.35-3.38.1.noarch", "product": { "name": "spacewalk-backend-sql-4.0.35-3.38.1.noarch", "product_id": "spacewalk-backend-sql-4.0.35-3.38.1.noarch" } }, { "category": "product_version", "name": "spacewalk-backend-sql-oracle-4.0.35-3.38.1.noarch", "product": { "name": "spacewalk-backend-sql-oracle-4.0.35-3.38.1.noarch", "product_id": "spacewalk-backend-sql-oracle-4.0.35-3.38.1.noarch" } }, { "category": "product_version", "name": "spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", "product": { "name": "spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", "product_id": "spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch" } }, { "category": "product_version", "name": 
"spacewalk-backend-tools-4.0.35-3.38.1.noarch", "product": { "name": "spacewalk-backend-tools-4.0.35-3.38.1.noarch", "product_id": "spacewalk-backend-tools-4.0.35-3.38.1.noarch" } }, { "category": "product_version", "name": "spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", "product": { "name": "spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", "product_id": "spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch" } }, { "category": "product_version", "name": "spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", "product": { "name": "spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", "product_id": "spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch" } }, { "category": "product_version", "name": "spacewalk-base-4.0.25-3.36.1.noarch", "product": { "name": "spacewalk-base-4.0.25-3.36.1.noarch", "product_id": "spacewalk-base-4.0.25-3.36.1.noarch" } }, { "category": "product_version", "name": "spacewalk-base-minimal-4.0.25-3.36.1.noarch", "product": { "name": "spacewalk-base-minimal-4.0.25-3.36.1.noarch", "product_id": "spacewalk-base-minimal-4.0.25-3.36.1.noarch" } }, { "category": "product_version", "name": "spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", "product": { "name": "spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", "product_id": "spacewalk-base-minimal-config-4.0.25-3.36.1.noarch" } }, { "category": "product_version", "name": "spacewalk-dobby-4.0.25-3.36.1.noarch", "product": { "name": "spacewalk-dobby-4.0.25-3.36.1.noarch", "product_id": "spacewalk-dobby-4.0.25-3.36.1.noarch" } }, { "category": "product_version", "name": "spacewalk-html-4.0.25-3.36.1.noarch", "product": { "name": "spacewalk-html-4.0.25-3.36.1.noarch", "product_id": "spacewalk-html-4.0.25-3.36.1.noarch" } }, { "category": "product_version", "name": "spacewalk-java-4.0.40-3.48.2.noarch", "product": { "name": "spacewalk-java-4.0.40-3.48.2.noarch", "product_id": "spacewalk-java-4.0.40-3.48.2.noarch" } }, { "category": "product_version", "name": 
"spacewalk-java-apidoc-sources-4.0.40-3.48.2.noarch", "product": { "name": "spacewalk-java-apidoc-sources-4.0.40-3.48.2.noarch", "product_id": "spacewalk-java-apidoc-sources-4.0.40-3.48.2.noarch" } }, { "category": "product_version", "name": "spacewalk-java-config-4.0.40-3.48.2.noarch", "product": { "name": "spacewalk-java-config-4.0.40-3.48.2.noarch", "product_id": "spacewalk-java-config-4.0.40-3.48.2.noarch" } }, { "category": "product_version", "name": "spacewalk-java-lib-4.0.40-3.48.2.noarch", "product": { "name": "spacewalk-java-lib-4.0.40-3.48.2.noarch", "product_id": "spacewalk-java-lib-4.0.40-3.48.2.noarch" } }, { "category": "product_version", "name": "spacewalk-java-postgresql-4.0.40-3.48.2.noarch", "product": { "name": "spacewalk-java-postgresql-4.0.40-3.48.2.noarch", "product_id": "spacewalk-java-postgresql-4.0.40-3.48.2.noarch" } }, { "category": "product_version", "name": "spacewalk-taskomatic-4.0.40-3.48.2.noarch", "product": { "name": "spacewalk-taskomatic-4.0.40-3.48.2.noarch", "product_id": "spacewalk-taskomatic-4.0.40-3.48.2.noarch" } }, { "category": "product_version", "name": "susemanager-schema-4.0.23-3.32.1.noarch", "product": { "name": "susemanager-schema-4.0.23-3.32.1.noarch", "product_id": "susemanager-schema-4.0.23-3.32.1.noarch" } }, { "category": "product_version", "name": "susemanager-schema-sanity-4.0.23-3.32.1.noarch", "product": { "name": "susemanager-schema-sanity-4.0.23-3.32.1.noarch", "product_id": "susemanager-schema-sanity-4.0.23-3.32.1.noarch" } }, { "category": "product_version", "name": "susemanager-sls-4.0.31-3.37.1.noarch", "product": { "name": "susemanager-sls-4.0.31-3.37.1.noarch", "product_id": "susemanager-sls-4.0.31-3.37.1.noarch" } }, { "category": "product_version", "name": "susemanager-web-libs-4.0.25-3.36.1.noarch", "product": { "name": "susemanager-web-libs-4.0.25-3.36.1.noarch", "product_id": "susemanager-web-libs-4.0.25-3.36.1.noarch" } }, { "category": "product_version", "name": 
"zypp-plugin-spacewalk-1.0.8-3.14.1.noarch", "product": { "name": "zypp-plugin-spacewalk-1.0.8-3.14.1.noarch", "product_id": "zypp-plugin-spacewalk-1.0.8-3.14.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "susemanager-4.0.32-3.46.1.ppc64le", "product": { "name": "susemanager-4.0.32-3.46.1.ppc64le", "product_id": "susemanager-4.0.32-3.46.1.ppc64le" } }, { "category": "product_version", "name": "susemanager-tools-4.0.32-3.46.1.ppc64le", "product": { "name": "susemanager-tools-4.0.32-3.46.1.ppc64le", "product_id": "susemanager-tools-4.0.32-3.46.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "susemanager-4.0.32-3.46.1.s390x", "product": { "name": "susemanager-4.0.32-3.46.1.s390x", "product_id": "susemanager-4.0.32-3.46.1.s390x" } }, { "category": "product_version", "name": "susemanager-tools-4.0.32-3.46.1.s390x", "product": { "name": "susemanager-tools-4.0.32-3.46.1.s390x", "product_id": "susemanager-tools-4.0.32-3.46.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "susemanager-4.0.32-3.46.1.x86_64", "product": { "name": "susemanager-4.0.32-3.46.1.x86_64", "product_id": "susemanager-4.0.32-3.46.1.x86_64" } }, { "category": "product_version", "name": "susemanager-tools-4.0.32-3.46.1.x86_64", "product": { "name": "susemanager-tools-4.0.32-3.46.1.x86_64", "product_id": "susemanager-tools-4.0.32-3.46.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Manager Server Module 4.0", "product": { "name": "SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.0" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" 
} ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch" }, "product_reference": "bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "grafana-formula-0.2.2-4.13.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch" }, "product_reference": "grafana-formula-0.2.2-4.13.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-jdbc-42.2.10-3.3.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch" }, "product_reference": "postgresql-jdbc-42.2.10-3.3.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-exporters-formula-0.7.5-3.16.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch" }, "product_reference": "prometheus-exporters-formula-0.7.5-3.16.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-formula-0.2.3-4.16.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch" }, "product_reference": "prometheus-formula-0.2.3-4.16.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", 
"full_product_name": { "name": "python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch" }, "product_reference": "python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "salt-netapi-client-0.18.0-4.12.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch" }, "product_reference": "salt-netapi-client-0.18.0-4.12.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-admin-4.0.12-3.15.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch" }, "product_reference": "spacewalk-admin-4.0.12-3.15.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-backend-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch" }, "product_reference": "spacewalk-backend-4.0.35-3.38.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-backend-app-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch" }, "product_reference": "spacewalk-backend-app-4.0.35-3.38.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": 
"spacewalk-backend-applet-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch" }, "product_reference": "spacewalk-backend-applet-4.0.35-3.38.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-backend-config-files-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch" }, "product_reference": "spacewalk-backend-config-files-4.0.35-3.38.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch" }, "product_reference": "spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch" }, "product_reference": "spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-backend-iss-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch" }, "product_reference": "spacewalk-backend-iss-4.0.35-3.38.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 
4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-backend-iss-export-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch" }, "product_reference": "spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch" }, "product_reference": "spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-backend-server-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch" }, "product_reference": "spacewalk-backend-server-4.0.35-3.38.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-backend-sql-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch" }, "product_reference": "spacewalk-backend-sql-4.0.35-3.38.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch" }, "product_reference": 
"spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-backend-tools-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch" }, "product_reference": "spacewalk-backend-tools-4.0.35-3.38.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch" }, "product_reference": "spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch" }, "product_reference": "spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-base-4.0.25-3.36.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch" }, "product_reference": "spacewalk-base-4.0.25-3.36.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-base-minimal-4.0.25-3.36.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch" }, "product_reference": 
"spacewalk-base-minimal-4.0.25-3.36.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-base-minimal-config-4.0.25-3.36.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch" }, "product_reference": "spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-html-4.0.25-3.36.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch" }, "product_reference": "spacewalk-html-4.0.25-3.36.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-java-4.0.40-3.48.2.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch" }, "product_reference": "spacewalk-java-4.0.40-3.48.2.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-java-config-4.0.40-3.48.2.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch" }, "product_reference": "spacewalk-java-config-4.0.40-3.48.2.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-java-lib-4.0.40-3.48.2.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch" }, "product_reference": "spacewalk-java-lib-4.0.40-3.48.2.noarch", 
"relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-java-postgresql-4.0.40-3.48.2.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch" }, "product_reference": "spacewalk-java-postgresql-4.0.40-3.48.2.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-taskomatic-4.0.40-3.48.2.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch" }, "product_reference": "spacewalk-taskomatic-4.0.40-3.48.2.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "susemanager-4.0.32-3.46.1.ppc64le as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le" }, "product_reference": "susemanager-4.0.32-3.46.1.ppc64le", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "susemanager-4.0.32-3.46.1.s390x as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x" }, "product_reference": "susemanager-4.0.32-3.46.1.s390x", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "susemanager-4.0.32-3.46.1.x86_64 as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64" }, "product_reference": "susemanager-4.0.32-3.46.1.x86_64", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { 
"name": "susemanager-schema-4.0.23-3.32.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch" }, "product_reference": "susemanager-schema-4.0.23-3.32.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "susemanager-sls-4.0.31-3.37.1.noarch as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch" }, "product_reference": "susemanager-sls-4.0.31-3.37.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "susemanager-tools-4.0.32-3.46.1.ppc64le as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le" }, "product_reference": "susemanager-tools-4.0.32-3.46.1.ppc64le", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "susemanager-tools-4.0.32-3.46.1.s390x as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x" }, "product_reference": "susemanager-tools-4.0.32-3.46.1.s390x", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "susemanager-tools-4.0.32-3.46.1.x86_64 as component of SUSE Manager Server Module 4.0", "product_id": "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64" }, "product_reference": "susemanager-tools-4.0.32-3.46.1.x86_64", "relates_to_product_reference": "SUSE Manager Server Module 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "susemanager-web-libs-4.0.25-3.36.1.noarch as component of SUSE Manager Server Module 4.0", 
"product_id": "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch" }, "product_reference": "susemanager-web-libs-4.0.25-3.36.1.noarch", "relates_to_product_reference": "SUSE Manager Server Module 4.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-10936", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-10936" } ], "notes": [ { "category": "general", "text": "A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", "SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch", "SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch", "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch", "SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch", "SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", "SUSE 
Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch", "SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64", "SUSE 
Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2018-10936", "url": "https://www.suse.com/security/cve/CVE-2018-10936" }, { "category": "external", "summary": "SUSE Bug 1106539 for CVE-2018-10936", "url": "https://bugzilla.suse.com/1106539" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", "SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch", "SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch", "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch", "SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch", "SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch", "SUSE Manager 
Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch", "SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", "SUSE Manager Server 
Module 4.0:grafana-formula-0.2.2-4.13.1.noarch", "SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch", "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch", "SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch", "SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", "SUSE 
Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch", "SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2020-11-20T14:06:24Z", "details": "important" } ], "title": "CVE-2018-10936" }, { "cve": "CVE-2020-13692", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-13692" } ], "notes": [ { "category": "general", "text": "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", "SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch", "SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch", "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch", "SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch", "SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", 
"SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch", 
"SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch", "SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2020-13692", "url": "https://www.suse.com/security/cve/CVE-2020-13692" }, { "category": "external", "summary": "SUSE Bug 1172746 for CVE-2020-13692", "url": "https://bugzilla.suse.com/1172746" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", "SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch", "SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch", "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch", "SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch", "SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 
4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 
4.0:susemanager-schema-4.0.23-3.32.1.noarch", "SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", "SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch", "SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch", "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch", "SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch", "SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 
4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch", "SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2020-11-20T14:06:24Z", "details": "moderate" } ], "title": "CVE-2020-13692" } ] }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.