Bug 1197063 (CVE-2022-24128) - VUL-0: CVE-2022-24128: timescaledb: allow privilege escalation during extension installation
Status: RESOLVED FIXED
Alias: CVE-2022-24128
Product: openSUSE Distribution
Classification: openSUSE
Component: Basesystem
Version: Leap 15.4
Hardware: Other Other
Priority: P3 - Medium, Severity: Minor
Assignee: Bruno Friedmann
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/326113/
 
Reported: 2022-03-14 07:43 UTC by Alexander Bergmann
Modified: 2023-12-28 17:47 UTC

Found By: Security Response Team

Description Alexander Bergmann 2022-03-14 07:43:18 UTC
CVE-2022-24128

Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation
during extension installation.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24128
http://www.cvedetails.com/cve/CVE-2022-24128/
https://docs.timescale.com/timescaledb/latest/overview/release-notes/
Comment 1 OBSbugzilla Bot 2023-02-13 10:55:02 UTC
This is an autogenerated message for OBS integration:
This bug (1197063) was mentioned in
https://build.opensuse.org/request/show/1065413 Backports:SLE-15-SP4 / timescaledb
https://build.opensuse.org/request/show/1065414 Backports:SLE-15-SP3 / timescaledb
Comment 2 OBSbugzilla Bot 2023-02-14 14:45:02 UTC
This is an autogenerated message for OBS integration:
This bug (1197063) was mentioned in
https://build.opensuse.org/request/show/1065762 Backports:SLE-15-SP3 / timescaledb
Comment 3 Swamp Workflow Management 2023-02-14 20:25:47 UTC
openSUSE-SU-2023:0046-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1197063
CVE References: CVE-2022-24128
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP4 (src):    postgresql12-timescaledb-2.9.3-bp154.2.3.1, postgresql13-timescaledb-2.9.3-bp154.2.3.1, postgresql14-timescaledb-2.9.3-bp154.2.3.1, postgresql15-timescaledb-2.9.3-bp154.2.3.1
Comment 4 Swamp Workflow Management 2023-02-19 23:21:53 UTC
openSUSE-SU-2023:0053-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1197063
CVE References: CVE-2022-24128
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    postgresql12-timescaledb-2.9.3-bp153.2.3.1, postgresql13-timescaledb-2.9.3-bp153.2.3.1, postgresql14-timescaledb-2.9.3-bp153.2.3.1, postgresql15-timescaledb-2.9.3-bp153.2.3.1
Comment 5 Bruno Friedmann 2023-12-28 17:47:28 UTC
Closing oldies still open.