Bug 1199475 – VUL-0: CVE-2022-1552: postgresql13, postgresql14: Confine additional operations within “security restricted operation” sandboxes

Bug 1199475 - (CVE-2022-1552) VUL-0: CVE-2022-1552: postgresql13, postgresql14: Confine additional operations within “security restricted operation” sandboxes

(CVE-2022-1552)
Summary:	VUL-0: CVE-2022-1552: postgresql13, postgresql14: Confine additional operatio...

Status:	IN_PROGRESS

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/331570/
Whiteboard:	CVSSv3.1:SUSE:CVE-2022-1552:8.8:(AV:N...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2022-05-12 09:07 UTC by Robert Frohl
Modified:	2022-11-23 11:19 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 7 Robert Frohl 2022-05-12 15:26:32 UTC

CVE-2022-1552: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox.

Versions Affected: 10 - 14. The security team typically does not test unsupported versions, but this problem is quite old.

Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck made incomplete efforts to operate safely when a privileged user is maintaining another user's objects. Those commands activated relevant protections too late or not at all. An attacker having permission to create non-temp objects in at least one schema could execute arbitrary SQL functions under a superuser identity.

While promptly updating PostgreSQL is the best remediation for most users, a user unable to do that can work around the vulnerability by disabling autovacuum, not manually running the above commands, and not restoring from output of the pg_dump command. Performance may degrade quickly under this workaround. VACUUM is safe, and all commands are fine when a trusted user owns the target object.

The PostgreSQL project thanks Alexander Lakhin for reporting this problem.

https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/

Comment 10 OBSbugzilla Bot 2022-05-13 12:40:07 UTC

This is an autogenerated message for OBS integration:
This bug (1199475) was mentioned in
https://build.opensuse.org/request/show/977045 Factory / postgresql10
https://build.opensuse.org/request/show/977046 Factory / postgresql11
https://build.opensuse.org/request/show/977047 Factory / postgresql12
https://build.opensuse.org/request/show/977048 Factory / postgresql13
https://build.opensuse.org/request/show/977049 Factory / postgresql14

Comment 11 Swamp Workflow Management 2022-05-23 13:17:31 UTC

SUSE-SU-2022:1804-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1199475
CVE References: CVE-2022-1552
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    postgresql10-10.21-4.28.3
SUSE OpenStack Cloud Crowbar 8 (src):    postgresql10-10.21-4.28.3
SUSE OpenStack Cloud 9 (src):    postgresql10-10.21-4.28.3
SUSE OpenStack Cloud 8 (src):    postgresql10-10.21-4.28.3
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    postgresql10-10.21-4.28.3
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    postgresql10-10.21-4.28.3
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    postgresql10-10.21-4.28.3
SUSE Linux Enterprise Server 12-SP5 (src):    postgresql10-10.21-4.28.3
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    postgresql10-10.21-4.28.3
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    postgresql10-10.21-4.28.3
SUSE Linux Enterprise Server 12-SP3-BCL (src):    postgresql10-10.21-4.28.3
SUSE Linux Enterprise Server 12-SP2-BCL (src):    postgresql10-10.21-4.28.3
HPE Helion Openstack 8 (src):    postgresql10-10.21-4.28.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 12 Swamp Workflow Management 2022-05-25 10:15:57 UTC

SUSE-SU-2022:1835-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1199475
CVE References: CVE-2022-1552
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    postgresql13-13.7-3.21.3
SUSE Linux Enterprise Server 12-SP5 (src):    postgresql13-13.7-3.21.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 13 Swamp Workflow Management 2022-05-27 13:17:49 UTC

SUSE-SU-2022:1869-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1199475
CVE References: CVE-2022-1552
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    postgresql12-12.11-3.27.3
SUSE Linux Enterprise Server 12-SP5 (src):    postgresql12-12.11-3.27.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 14 Swamp Workflow Management 2022-05-27 19:16:54 UTC

SUSE-SU-2022:1874-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1199475
CVE References: CVE-2022-1552
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    postgresql14-14.3-3.9.3
SUSE OpenStack Cloud Crowbar 8 (src):    postgresql14-14.3-3.9.3
SUSE OpenStack Cloud 9 (src):    postgresql14-14.3-3.9.3
SUSE OpenStack Cloud 8 (src):    postgresql14-14.3-3.9.3
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    postgresql14-14.3-3.9.3
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    postgresql14-14.3-3.9.3
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    postgresql14-14.3-3.9.3
SUSE Linux Enterprise Server 12-SP5 (src):    postgresql14-14.3-3.9.3
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    postgresql14-14.3-3.9.3
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    postgresql14-14.3-3.9.3
SUSE Linux Enterprise Server 12-SP3-BCL (src):    postgresql14-14.3-3.9.3
SUSE Linux Enterprise Server 12-SP2-BCL (src):    postgresql14-14.3-3.9.3
HPE Helion Openstack 8 (src):    postgresql14-14.3-3.9.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 15 Swamp Workflow Management 2022-05-31 13:17:01 UTC

SUSE-SU-2022:1890-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1199475
CVE References: CVE-2022-1552
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    postgresql10-10.21-150100.8.47.1
openSUSE Leap 15.3 (src):    postgresql10-10.21-150100.8.47.1
SUSE Manager Server 4.1 (src):    postgresql10-10.21-150100.8.47.1
SUSE Manager Retail Branch Server 4.1 (src):    postgresql10-10.21-150100.8.47.1
SUSE Manager Proxy 4.1 (src):    postgresql10-10.21-150100.8.47.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    postgresql10-10.21-150100.8.47.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    postgresql10-10.21-150100.8.47.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    postgresql10-10.21-150100.8.47.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    postgresql10-10.21-150100.8.47.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    postgresql10-10.21-150100.8.47.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    postgresql10-10.21-150100.8.47.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    postgresql10-10.21-150100.8.47.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    postgresql10-10.21-150100.8.47.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    postgresql10-10.21-150100.8.47.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    postgresql10-10.21-150100.8.47.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    postgresql10-10.21-150100.8.47.1
SUSE Enterprise Storage 7 (src):    postgresql10-10.21-150100.8.47.1
SUSE Enterprise Storage 6 (src):    postgresql10-10.21-150100.8.47.1
SUSE CaaS Platform 4.0 (src):    postgresql10-10.21-150100.8.47.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 16 Swamp Workflow Management 2022-05-31 16:19:05 UTC

SUSE-SU-2022:1894-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1199475
CVE References: CVE-2022-1552
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    postgresql12-12.11-150200.8.32.1
openSUSE Leap 15.3 (src):    postgresql12-12.11-150200.8.32.1
SUSE Manager Server 4.1 (src):    postgresql12-12.11-150200.8.32.1
SUSE Manager Retail Branch Server 4.1 (src):    postgresql12-12.11-150200.8.32.1
SUSE Manager Proxy 4.1 (src):    postgresql12-12.11-150200.8.32.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    postgresql12-12.11-150200.8.32.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    postgresql12-12.11-150200.8.32.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    postgresql12-12.11-150200.8.32.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    postgresql12-12.11-150200.8.32.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    postgresql12-12.11-150200.8.32.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    postgresql12-12.11-150200.8.32.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    postgresql12-12.11-150200.8.32.1
SUSE Enterprise Storage 7 (src):    postgresql12-12.11-150200.8.32.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 17 Swamp Workflow Management 2022-05-31 16:21:02 UTC

SUSE-SU-2022:1895-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1199475
CVE References: CVE-2022-1552
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    postgresql13-13.7-150200.5.28.1
openSUSE Leap 15.3 (src):    postgresql13-13.7-150200.5.28.1
SUSE Manager Server 4.1 (src):    postgresql13-13.7-150200.5.28.1
SUSE Manager Retail Branch Server 4.1 (src):    postgresql13-13.7-150200.5.28.1
SUSE Manager Proxy 4.1 (src):    postgresql13-13.7-150200.5.28.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    postgresql13-13.7-150200.5.28.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    postgresql13-13.7-150200.5.28.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    postgresql13-13.7-150200.5.28.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    postgresql13-13.7-150200.5.28.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    postgresql13-13.7-150200.5.28.1
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    postgresql13-13.7-150200.5.28.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    postgresql13-13.7-150200.5.28.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    postgresql13-13.7-150200.5.28.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    postgresql13-13.7-150200.5.28.1
SUSE Enterprise Storage 7 (src):    postgresql13-13.7-150200.5.28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 18 Swamp Workflow Management 2022-06-01 19:17:21 UTC

SUSE-SU-2022:1908-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1199475
CVE References: CVE-2022-1552
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    postgresql14-14.3-150200.5.12.1, postgresql14-14.3-150200.5.12.2
openSUSE Leap 15.3 (src):    postgresql14-14.3-150200.5.12.1, postgresql14-14.3-150200.5.12.2
SUSE Manager Server 4.1 (src):    postgresql14-14.3-150200.5.12.1, postgresql14-14.3-150200.5.12.2
SUSE Manager Retail Branch Server 4.1 (src):    postgresql14-14.3-150200.5.12.1, postgresql14-14.3-150200.5.12.2
SUSE Manager Proxy 4.1 (src):    postgresql14-14.3-150200.5.12.1, postgresql14-14.3-150200.5.12.2
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    postgresql14-14.3-150200.5.12.1, postgresql14-14.3-150200.5.12.2
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    postgresql14-14.3-150200.5.12.1, postgresql14-14.3-150200.5.12.2
SUSE Linux Enterprise Server 15-SP2-BCL (src):    postgresql14-14.3-150200.5.12.1, postgresql14-14.3-150200.5.12.2
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    postgresql14-14.3-150200.5.12.1, postgresql14-14.3-150200.5.12.2
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    postgresql14-14.3-150200.5.12.1, postgresql14-14.3-150200.5.12.2
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    postgresql14-14.3-150200.5.12.2
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    postgresql14-14.3-150200.5.12.1, postgresql14-14.3-150200.5.12.2
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    postgresql14-14.3-150200.5.12.1, postgresql14-14.3-150200.5.12.2
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    postgresql14-14.3-150200.5.12.1, postgresql14-14.3-150200.5.12.2
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    postgresql14-14.3-150200.5.12.1, postgresql14-14.3-150200.5.12.2
SUSE Enterprise Storage 7 (src):    postgresql14-14.3-150200.5.12.1, postgresql14-14.3-150200.5.12.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 30 Swamp Workflow Management 2022-08-25 13:19:01 UTC

SUSE-SU-2022:2893-1: An update that solves four vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1179945,1183168,1185952,1187751,1190177,1190740,1192516,1195680,1199475,1202368
CVE References: CVE-2021-23214,CVE-2021-23222,CVE-2022-1552,CVE-2022-2625
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    postgresql-12.0.1-150000.8.19.1
SUSE Linux Enterprise Server for SAP 15 (src):    postgresql-12.0.1-150000.8.19.1, postgresql10-10.22-150000.4.42.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    postgresql-12.0.1-150000.8.19.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    postgresql-12.0.1-150000.8.19.1
SUSE Linux Enterprise Server 15-LTSS (src):    postgresql-12.0.1-150000.8.19.1, postgresql10-10.22-150000.4.42.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    postgresql-12.0.1-150000.8.19.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    postgresql-12.0.1-150000.8.19.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    postgresql-12.0.1-150000.8.19.1, postgresql10-10.22-150000.4.42.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    postgresql-12.0.1-150000.8.19.1, postgresql10-10.22-150000.4.42.1
SUSE Enterprise Storage 6 (src):    postgresql-12.0.1-150000.8.19.1
SUSE CaaS Platform 4.0 (src):    postgresql-12.0.1-150000.8.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 31 Swamp Workflow Management 2022-08-31 16:19:03 UTC

SUSE-SU-2022:2958-1: An update that solves 8 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1179945,1183168,1185924,1185925,1185926,1185952,1187751,1189748,1190740,1192516,1195680,1198166,1199475,1202368
CVE References: CVE-2021-23214,CVE-2021-23222,CVE-2021-32027,CVE-2021-32028,CVE-2021-32029,CVE-2021-3677,CVE-2022-1552,CVE-2022-2625
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    postgresql12-12.12-150100.3.33.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    postgresql12-12.12-150100.3.33.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    postgresql12-12.12-150100.3.33.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    postgresql12-12.12-150100.3.33.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    postgresql12-12.12-150100.3.33.1
SUSE Enterprise Storage 6 (src):    postgresql12-12.12-150100.3.33.1
SUSE CaaS Platform 4.0 (src):    postgresql12-12.12-150100.3.33.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.