ALT-BU-2023-3501-1
Branch sisyphus_e2k update bulletin.
Package postgresql15 updated to version 15.3-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2023-03024
Уязвимость компонента Schema Handler системы управления базами данных PostgreSQL, позволяющая нарушителю обойти ограничения безопасности
BDU:2023-03247
Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
Modified: 2025-01-06
CVE-2023-2454
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
- https://access.redhat.com/security/cve/CVE-2023-2454
- https://access.redhat.com/security/cve/CVE-2023-2454
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://www.postgresql.org/support/security/CVE-2023-2454/
- https://www.postgresql.org/support/security/CVE-2023-2454/
Modified: 2025-01-06
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
- https://access.redhat.com/security/cve/CVE-2023-2455
- https://access.redhat.com/security/cve/CVE-2023-2455
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://www.postgresql.org/support/security/CVE-2023-2455/
- https://www.postgresql.org/support/security/CVE-2023-2455/
Package postgresql11 updated to version 11.20-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2023-03024
Уязвимость компонента Schema Handler системы управления базами данных PostgreSQL, позволяющая нарушителю обойти ограничения безопасности
BDU:2023-03247
Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
Modified: 2025-01-06
CVE-2023-2454
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
- https://access.redhat.com/security/cve/CVE-2023-2454
- https://access.redhat.com/security/cve/CVE-2023-2454
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://www.postgresql.org/support/security/CVE-2023-2454/
- https://www.postgresql.org/support/security/CVE-2023-2454/
Modified: 2025-01-06
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
- https://access.redhat.com/security/cve/CVE-2023-2455
- https://access.redhat.com/security/cve/CVE-2023-2455
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://www.postgresql.org/support/security/CVE-2023-2455/
- https://www.postgresql.org/support/security/CVE-2023-2455/
Package postgresql12 updated to version 12.15-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2023-03024
Уязвимость компонента Schema Handler системы управления базами данных PostgreSQL, позволяющая нарушителю обойти ограничения безопасности
BDU:2023-03247
Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
Modified: 2025-01-06
CVE-2023-2454
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
- https://access.redhat.com/security/cve/CVE-2023-2454
- https://access.redhat.com/security/cve/CVE-2023-2454
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://www.postgresql.org/support/security/CVE-2023-2454/
- https://www.postgresql.org/support/security/CVE-2023-2454/
Modified: 2025-01-06
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
- https://access.redhat.com/security/cve/CVE-2023-2455
- https://access.redhat.com/security/cve/CVE-2023-2455
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://www.postgresql.org/support/security/CVE-2023-2455/
- https://www.postgresql.org/support/security/CVE-2023-2455/
Package postgresql13 updated to version 13.11-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2023-03024
Уязвимость компонента Schema Handler системы управления базами данных PostgreSQL, позволяющая нарушителю обойти ограничения безопасности
BDU:2023-03247
Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
Modified: 2025-01-06
CVE-2023-2454
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
- https://access.redhat.com/security/cve/CVE-2023-2454
- https://access.redhat.com/security/cve/CVE-2023-2454
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://www.postgresql.org/support/security/CVE-2023-2454/
- https://www.postgresql.org/support/security/CVE-2023-2454/
Modified: 2025-01-06
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
- https://access.redhat.com/security/cve/CVE-2023-2455
- https://access.redhat.com/security/cve/CVE-2023-2455
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://www.postgresql.org/support/security/CVE-2023-2455/
- https://www.postgresql.org/support/security/CVE-2023-2455/
Package postgresql14 updated to version 14.8-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2023-03024
Уязвимость компонента Schema Handler системы управления базами данных PostgreSQL, позволяющая нарушителю обойти ограничения безопасности
BDU:2023-03247
Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
Modified: 2025-01-06
CVE-2023-2454
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
- https://access.redhat.com/security/cve/CVE-2023-2454
- https://access.redhat.com/security/cve/CVE-2023-2454
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://www.postgresql.org/support/security/CVE-2023-2454/
- https://www.postgresql.org/support/security/CVE-2023-2454/
Modified: 2025-01-06
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
- https://access.redhat.com/security/cve/CVE-2023-2455
- https://access.redhat.com/security/cve/CVE-2023-2455
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://www.postgresql.org/support/security/CVE-2023-2455/
- https://www.postgresql.org/support/security/CVE-2023-2455/
Package postgresql15-1C updated to version 15.3-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2023-03024
Уязвимость компонента Schema Handler системы управления базами данных PostgreSQL, позволяющая нарушителю обойти ограничения безопасности
BDU:2023-03247
Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
Modified: 2025-01-06
CVE-2023-2454
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
- https://access.redhat.com/security/cve/CVE-2023-2454
- https://access.redhat.com/security/cve/CVE-2023-2454
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://www.postgresql.org/support/security/CVE-2023-2454/
- https://www.postgresql.org/support/security/CVE-2023-2454/
Modified: 2025-01-06
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
- https://access.redhat.com/security/cve/CVE-2023-2455
- https://access.redhat.com/security/cve/CVE-2023-2455
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://security.netapp.com/advisory/ntap-20230706-0006/
- https://www.postgresql.org/support/security/CVE-2023-2455/
- https://www.postgresql.org/support/security/CVE-2023-2455/