{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2025-49146","title":"Title"},{"category":"description","text":"pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2025-49146","url":"https://www.suse.com/security/cve/CVE-2025-49146"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1244490 for CVE-2025-49146","url":"https://bugzilla.suse.com/1244490"}],"title":"SUSE CVE CVE-2025-49146","tracking":{"current_release_date":"2026-01-23T00:31:15Z","generator":{"date":"2025-06-13T02:18:10Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2025-49146","initial_release_date":"2025-06-13T02:18:10Z","revision_history":[{"date":"2025-06-13T02:18:10Z","number":"2","summary":"Current version"},{"date":"2025-06-25T13:44:13Z","number":"3","summary":"Current version"},{"date":"2025-06-25T23:24:45Z","number":"4","summary":"Current version"},{"date":"2025-07-01T23:21:48Z","number":"5","summary":"Current version"},{"date":"2025-07-04T14:36:56Z","number":"6","summary":"Current version"},{"date":"2025-07-07T23:22:26Z","number":"7","summary":"Current version"},{"date":"2025-11-02T03:54:03Z","number":"8","summary":"Current version"},{"date":"2026-01-23T00:31:15Z","number":"9","summary":"unknown changes"}],"status":"interim","version":"9"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-ltss:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-ltss:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-espos:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-ltss:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP6","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP6","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP7","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP7","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Server Applications 15 SP6","product":{"name":"SUSE Linux Enterprise Module for Server Applications 15 SP6","product_id":"SUSE Linux Enterprise Module for Server Applications 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-server-applications:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Server Applications 15 SP7","product":{"name":"SUSE Linux Enterprise Module for Server Applications 15 SP7","product_id":"SUSE Linux Enterprise Module for Server Applications 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-server-applications:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP4 LTSS","product":{"name":"SUSE Linux Enterprise Server 11 SP4 LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4 LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_ltss:11:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP2-LTSS","product":{"name":"SUSE Linux Enterprise Server 12 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP2-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:12:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP4-LTSS","product":{"name":"SUSE Linux Enterprise Server 12 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP4-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP5-LTSS","product":{"name":"SUSE Linux Enterprise Server 12 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP5-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:12:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security","product":{"name":"SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security","product_id":"SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss-extended-security:12:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP3-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP3-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP3-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP4-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP4-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP5-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP5-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP6","product":{"name":"SUSE Linux Enterprise Server 15 SP6","product_id":"SUSE Linux Enterprise Server 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP7","product":{"name":"SUSE Linux Enterprise Server 15 SP7","product_id":"SUSE Linux Enterprise Server 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 16.0","product":{"name":"SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0","product_identification_helper":{"cpe":"cpe:/o:suse:sles:16:16.0:server"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server Teradata 12 SP3","product":{"name":"SUSE Linux Enterprise Server Teradata 12 SP3","product_id":"SUSE Linux Enterprise Server Teradata 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_teradata:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server Teradata 15 SP4","product":{"name":"SUSE Linux Enterprise Server Teradata 15 SP4","product_id":"SUSE Linux Enterprise Server Teradata 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_teradata:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP5","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP6","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP6","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP7","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp7"}}},{"category":"product_name","name":"SUSE Manager Proxy 4.3","product":{"name":"SUSE Manager Proxy 4.3","product_id":"SUSE Manager Proxy 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-proxy:4.3"}}},{"category":"product_name","name":"SUSE Manager Proxy LTS 4.3","product":{"name":"SUSE Manager Proxy LTS 4.3","product_id":"SUSE Manager Proxy LTS 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-proxy-lts:4.3"}}},{"category":"product_name","name":"SUSE Manager Retail Branch Server 4.3","product":{"name":"SUSE Manager Retail Branch Server 4.3","product_id":"SUSE Manager Retail Branch Server 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-retail-branch-server:4.3"}}},{"category":"product_name","name":"SUSE Manager Retail Branch Server LTS 4.3","product":{"name":"SUSE Manager Retail Branch Server LTS 4.3","product_id":"SUSE Manager Retail Branch Server LTS 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-retail-branch-server-lts:4.3"}}},{"category":"product_name","name":"SUSE Manager Server 4.3","product":{"name":"SUSE Manager Server 4.3","product_id":"SUSE Manager Server 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-server:4.3"}}},{"category":"product_name","name":"SUSE Manager Server LTS 4.3","product":{"name":"SUSE Manager Server LTS 4.3","product_id":"SUSE Manager Server LTS 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-server-lts:4.3"}}},{"category":"product_name","name":"openSUSE Leap 15.6","product":{"name":"openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.6"}}},{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}},{"category":"product_version","name":"postgresql-jdbc","product":{"name":"postgresql-jdbc","product_id":"postgresql-jdbc","product_identification_helper":{"cpe":"cpe:2.3:a:postgresql:pgjdbc:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/postgresql-jdbc@?upstream=postgresql-jdbc.src.rpm"}}},{"category":"product_version","name":"postgresql-jdbc-42.7.7-1.1","product":{"name":"postgresql-jdbc-42.7.7-1.1","product_id":"postgresql-jdbc-42.7.7-1.1","product_identification_helper":{"cpe":"cpe:2.3:a:postgresql:pgjdbc:42.7.7:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/postgresql-jdbc@42.7.7-1.1?upstream=postgresql-jdbc-42.7.7-1.1.src.rpm"}}},{"category":"product_version","name":"postgresql-jdbc-42.7.7-160000.2.2","product":{"name":"postgresql-jdbc-42.7.7-160000.2.2","product_id":"postgresql-jdbc-42.7.7-160000.2.2","product_identification_helper":{"cpe":"cpe:2.3:a:postgresql:pgjdbc:42.7.7:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/postgresql-jdbc@42.7.7-160000.2.2?upstream=postgresql-jdbc-42.7.7-160000.2.2.src.rpm"}}},{"category":"product_version","name":"postgresql-jdbc-javadoc","product":{"name":"postgresql-jdbc-javadoc","product_id":"postgresql-jdbc-javadoc","product_identification_helper":{"cpe":"cpe:2.3:a:postgresql:pgjdbc:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/postgresql-jdbc-javadoc@?upstream=postgresql-jdbc.src.rpm"}}},{"category":"product_version","name":"postgresql-jdbc-javadoc-42.7.7-1.1","product":{"name":"postgresql-jdbc-javadoc-42.7.7-1.1","product_id":"postgresql-jdbc-javadoc-42.7.7-1.1","product_identification_helper":{"cpe":"cpe:2.3:a:postgresql:pgjdbc:42.7.7:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/postgresql-jdbc-javadoc@42.7.7-1.1?upstream=postgresql-jdbc-42.7.7-1.1.src.rpm"}}},{"category":"product_version","name":"postgresql-jdbc-javadoc-42.7.7-160000.2.2","product":{"name":"postgresql-jdbc-javadoc-42.7.7-160000.2.2","product_id":"postgresql-jdbc-javadoc-42.7.7-160000.2.2","product_identification_helper":{"cpe":"cpe:2.3:a:postgresql:pgjdbc:42.7.7:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/postgresql-jdbc-javadoc@42.7.7-160000.2.2?upstream=postgresql-jdbc-42.7.7-160000.2.2.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc-42.7.7-160000.2.2 as component of SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0:postgresql-jdbc-42.7.7-160000.2.2"},"product_reference":"postgresql-jdbc-42.7.7-160000.2.2","relates_to_product_reference":"SUSE Linux Enterprise Server 16.0"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc-javadoc-42.7.7-160000.2.2 as component of SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0:postgresql-jdbc-javadoc-42.7.7-160000.2.2"},"product_reference":"postgresql-jdbc-javadoc-42.7.7-160000.2.2","relates_to_product_reference":"SUSE Linux Enterprise Server 16.0"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc-42.7.7-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1"},"product_reference":"postgresql-jdbc-42.7.7-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc-javadoc-42.7.7-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1"},"product_reference":"postgresql-jdbc-javadoc-42.7.7-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 15 SP6","product_id":"SUSE Linux Enterprise Server 15 SP6:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP6:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise High Performance Computing 15 SP6","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP6:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Module for Server Applications 15 SP6","product_id":"SUSE Linux Enterprise Module for Server Applications 15 SP6:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Module for Server Applications 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 15 SP7","product_id":"SUSE Linux Enterprise Server 15 SP7:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP7:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise High Performance Computing 15 SP7","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP7:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Module for Server Applications 15 SP7","product_id":"SUSE Linux Enterprise Module for Server Applications 15 SP7:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Module for Server Applications 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 11 SP4 LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4 LTSS:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4 LTSS"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 12 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 12 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP4-LTSS:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 12 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP5-LTSS:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security","product_id":"SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 15 SP3-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP3-LTSS:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP3-LTSS"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 15 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP4-LTSS:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 15 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP5-LTSS:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server Teradata 12 SP3","product_id":"SUSE Linux Enterprise Server Teradata 12 SP3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server Teradata 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server Teradata 15 SP4","product_id":"SUSE Linux Enterprise Server Teradata 15 SP4:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server Teradata 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP4:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP5:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Manager Proxy 4.3","product_id":"SUSE Manager Proxy 4.3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Manager Proxy 4.3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Manager Proxy LTS 4.3","product_id":"SUSE Manager Proxy LTS 4.3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Manager Proxy LTS 4.3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Manager Retail Branch Server 4.3","product_id":"SUSE Manager Retail Branch Server 4.3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Manager Retail Branch Server LTS 4.3","product_id":"SUSE Manager Retail Branch Server LTS 4.3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Manager Retail Branch Server LTS 4.3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Manager Server 4.3","product_id":"SUSE Manager Server 4.3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Manager Server 4.3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Manager Server LTS 4.3","product_id":"SUSE Manager Server LTS 4.3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Manager Server LTS 4.3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc-javadoc as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:postgresql-jdbc-javadoc"},"product_reference":"postgresql-jdbc-javadoc","relates_to_product_reference":"openSUSE Leap 15.6"}]},"vulnerabilities":[{"cve":"CVE-2025-49146","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-49146"}],"notes":[{"category":"general","text":"pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:postgresql-jdbc","SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:postgresql-jdbc","SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:postgresql-jdbc","SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:postgresql-jdbc","SUSE Linux Enterprise High Performance Computing 15 SP6:postgresql-jdbc","SUSE Linux Enterprise High Performance Computing 15 SP7:postgresql-jdbc","SUSE Linux Enterprise Module for Server Applications 15 SP6:postgresql-jdbc","SUSE Linux Enterprise Module for Server Applications 15 SP7:postgresql-jdbc","SUSE Linux Enterprise Server 11 SP4 LTSS:postgresql-jdbc","SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql-jdbc","SUSE Linux Enterprise Server 12 SP4-LTSS:postgresql-jdbc","SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security:postgresql-jdbc","SUSE Linux Enterprise Server 12 SP5-LTSS:postgresql-jdbc","SUSE Linux Enterprise Server 15 SP3-LTSS:postgresql-jdbc","SUSE Linux Enterprise Server 15 SP4-LTSS:postgresql-jdbc","SUSE Linux Enterprise Server 15 SP5-LTSS:postgresql-jdbc","SUSE Linux Enterprise Server 15 SP6:postgresql-jdbc","SUSE Linux Enterprise Server 15 SP7:postgresql-jdbc","SUSE Linux Enterprise Server Teradata 12 SP3:postgresql-jdbc","SUSE Linux Enterprise Server Teradata 15 SP4:postgresql-jdbc","SUSE Linux Enterprise Server for SAP Applications 15 SP3:postgresql-jdbc","SUSE Linux Enterprise Server for SAP Applications 15 SP4:postgresql-jdbc","SUSE Linux Enterprise Server for SAP Applications 15 SP5:postgresql-jdbc","SUSE Linux Enterprise Server for SAP Applications 15 SP6:postgresql-jdbc","SUSE Linux Enterprise Server for SAP Applications 15 SP7:postgresql-jdbc","SUSE Manager Proxy 4.3:postgresql-jdbc","SUSE Manager Proxy LTS 4.3:postgresql-jdbc","SUSE Manager Retail Branch Server 4.3:postgresql-jdbc","SUSE Manager Retail Branch Server LTS 4.3:postgresql-jdbc","SUSE Manager Server 4.3:postgresql-jdbc","SUSE Manager Server LTS 4.3:postgresql-jdbc","openSUSE Leap 15.6:postgresql-jdbc","openSUSE Leap 15.6:postgresql-jdbc-javadoc"],"recommended":["SUSE Linux Enterprise Server 16.0:postgresql-jdbc-42.7.7-160000.2.2","SUSE Linux Enterprise Server 16.0:postgresql-jdbc-javadoc-42.7.7-160000.2.2","openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1","openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1"]},"references":[{"category":"external","summary":"CVE-2025-49146","url":"https://www.suse.com/security/cve/CVE-2025-49146"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1244490 for CVE-2025-49146","url":"https://bugzilla.suse.com/1244490"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 16.0:postgresql-jdbc-42.7.7-160000.2.2","SUSE Linux Enterprise Server 16.0:postgresql-jdbc-javadoc-42.7.7-160000.2.2","openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1","openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1"]}],"scores":[{"cvss_v3":{"baseScore":8.2,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","version":"3.1"},"products":["SUSE Linux Enterprise Server 16.0:postgresql-jdbc-42.7.7-160000.2.2","SUSE Linux Enterprise Server 16.0:postgresql-jdbc-javadoc-42.7.7-160000.2.2","openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1","openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1"]}],"threats":[{"category":"impact","date":"2025-06-11T16:00:35Z","details":"important"}],"title":"CVE-2025-49146"}]}