ALT-BU-2023-4955-1
Branch p10 update bulletin.
Package memtest86+ updated to version 6.20-alt1 for branch p10 in task 326743.
Closed bugs
memtest86+ 6.0
Package postgresql12 updated to version 12.16-alt0.p10.1 for branch p10 in task 326814.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
- RHSA-2023:7545
- RHSA-2023:7579
- RHSA-2023:7580
- RHSA-2023:7581
- RHSA-2023:7616
- RHSA-2023:7656
- RHSA-2023:7666
- RHSA-2023:7667
- RHSA-2023:7694
- RHSA-2023:7695
- RHSA-2023:7714
- RHSA-2023:7770
- RHSA-2023:7772
- RHSA-2023:7784
- RHSA-2023:7785
- RHSA-2023:7883
- RHSA-2023:7884
- RHSA-2023:7885
- RHSA-2024:0304
- RHSA-2024:0332
- RHSA-2024:0337
- https://access.redhat.com/security/cve/CVE-2023-39417
- RHBZ#2228111
- https://www.postgresql.org/support/security/CVE-2023-39417
- RHSA-2023:7545
- https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html
- https://security.netapp.com/advisory/ntap-20230915-0002/
- https://www.debian.org/security/2023/dsa-5553
- https://www.debian.org/security/2023/dsa-5554
- https://www.postgresql.org/support/security/CVE-2023-39417
- RHBZ#2228111
- https://access.redhat.com/security/cve/CVE-2023-39417
- RHSA-2024:0337
- RHSA-2024:0332
- RHSA-2024:0304
- RHSA-2023:7885
- RHSA-2023:7884
- RHSA-2023:7883
- RHSA-2023:7785
- RHSA-2023:7784
- RHSA-2023:7772
- RHSA-2023:7770
- RHSA-2023:7714
- RHSA-2023:7695
- RHSA-2023:7694
- RHSA-2023:7667
- RHSA-2023:7666
- RHSA-2023:7656
- RHSA-2023:7616
- RHSA-2023:7581
- RHSA-2023:7580
- RHSA-2023:7579
Package postgresql15-1C updated to version 15.3-alt0.p10.2 for branch p10 in task 326814.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
- RHSA-2023:7545
- RHSA-2023:7579
- RHSA-2023:7580
- RHSA-2023:7581
- RHSA-2023:7616
- RHSA-2023:7656
- RHSA-2023:7666
- RHSA-2023:7667
- RHSA-2023:7694
- RHSA-2023:7695
- RHSA-2023:7714
- RHSA-2023:7770
- RHSA-2023:7772
- RHSA-2023:7784
- RHSA-2023:7785
- RHSA-2023:7883
- RHSA-2023:7884
- RHSA-2023:7885
- RHSA-2024:0304
- RHSA-2024:0332
- RHSA-2024:0337
- https://access.redhat.com/security/cve/CVE-2023-39417
- RHBZ#2228111
- https://www.postgresql.org/support/security/CVE-2023-39417
- RHSA-2023:7545
- https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html
- https://security.netapp.com/advisory/ntap-20230915-0002/
- https://www.debian.org/security/2023/dsa-5553
- https://www.debian.org/security/2023/dsa-5554
- https://www.postgresql.org/support/security/CVE-2023-39417
- RHBZ#2228111
- https://access.redhat.com/security/cve/CVE-2023-39417
- RHSA-2024:0337
- RHSA-2024:0332
- RHSA-2024:0304
- RHSA-2023:7885
- RHSA-2023:7884
- RHSA-2023:7883
- RHSA-2023:7785
- RHSA-2023:7784
- RHSA-2023:7772
- RHSA-2023:7770
- RHSA-2023:7714
- RHSA-2023:7695
- RHSA-2023:7694
- RHSA-2023:7667
- RHSA-2023:7666
- RHSA-2023:7656
- RHSA-2023:7616
- RHSA-2023:7581
- RHSA-2023:7580
- RHSA-2023:7579
Modified: 2024-12-06
CVE-2023-39418
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
- RHSA-2023:7785
- RHSA-2023:7785
- RHSA-2023:7883
- RHSA-2023:7883
- RHSA-2023:7884
- RHSA-2023:7884
- RHSA-2023:7885
- RHSA-2023:7885
- https://access.redhat.com/security/cve/CVE-2023-39418
- https://access.redhat.com/security/cve/CVE-2023-39418
- RHBZ#2228112
- RHBZ#2228112
- https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
- https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
- https://security.netapp.com/advisory/ntap-20230915-0002/
- https://www.debian.org/security/2023/dsa-5553
- https://www.postgresql.org/support/security/CVE-2023-39418/
- https://www.postgresql.org/support/security/CVE-2023-39418/
Package postgresql15 updated to version 15.4-alt0.p10.1 for branch p10 in task 326814.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
- RHSA-2023:7545
- RHSA-2023:7579
- RHSA-2023:7580
- RHSA-2023:7581
- RHSA-2023:7616
- RHSA-2023:7656
- RHSA-2023:7666
- RHSA-2023:7667
- RHSA-2023:7694
- RHSA-2023:7695
- RHSA-2023:7714
- RHSA-2023:7770
- RHSA-2023:7772
- RHSA-2023:7784
- RHSA-2023:7785
- RHSA-2023:7883
- RHSA-2023:7884
- RHSA-2023:7885
- RHSA-2024:0304
- RHSA-2024:0332
- RHSA-2024:0337
- https://access.redhat.com/security/cve/CVE-2023-39417
- RHBZ#2228111
- https://www.postgresql.org/support/security/CVE-2023-39417
- RHSA-2023:7545
- https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html
- https://security.netapp.com/advisory/ntap-20230915-0002/
- https://www.debian.org/security/2023/dsa-5553
- https://www.debian.org/security/2023/dsa-5554
- https://www.postgresql.org/support/security/CVE-2023-39417
- RHBZ#2228111
- https://access.redhat.com/security/cve/CVE-2023-39417
- RHSA-2024:0337
- RHSA-2024:0332
- RHSA-2024:0304
- RHSA-2023:7885
- RHSA-2023:7884
- RHSA-2023:7883
- RHSA-2023:7785
- RHSA-2023:7784
- RHSA-2023:7772
- RHSA-2023:7770
- RHSA-2023:7714
- RHSA-2023:7695
- RHSA-2023:7694
- RHSA-2023:7667
- RHSA-2023:7666
- RHSA-2023:7656
- RHSA-2023:7616
- RHSA-2023:7581
- RHSA-2023:7580
- RHSA-2023:7579
Modified: 2024-12-06
CVE-2023-39418
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
- RHSA-2023:7785
- RHSA-2023:7785
- RHSA-2023:7883
- RHSA-2023:7883
- RHSA-2023:7884
- RHSA-2023:7884
- RHSA-2023:7885
- RHSA-2023:7885
- https://access.redhat.com/security/cve/CVE-2023-39418
- https://access.redhat.com/security/cve/CVE-2023-39418
- RHBZ#2228112
- RHBZ#2228112
- https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
- https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
- https://security.netapp.com/advisory/ntap-20230915-0002/
- https://www.debian.org/security/2023/dsa-5553
- https://www.postgresql.org/support/security/CVE-2023-39418/
- https://www.postgresql.org/support/security/CVE-2023-39418/
Package postgresql11 updated to version 11.21-alt0.p10.1 for branch p10 in task 326814.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
- RHSA-2023:7545
- RHSA-2023:7579
- RHSA-2023:7580
- RHSA-2023:7581
- RHSA-2023:7616
- RHSA-2023:7656
- RHSA-2023:7666
- RHSA-2023:7667
- RHSA-2023:7694
- RHSA-2023:7695
- RHSA-2023:7714
- RHSA-2023:7770
- RHSA-2023:7772
- RHSA-2023:7784
- RHSA-2023:7785
- RHSA-2023:7883
- RHSA-2023:7884
- RHSA-2023:7885
- RHSA-2024:0304
- RHSA-2024:0332
- RHSA-2024:0337
- https://access.redhat.com/security/cve/CVE-2023-39417
- RHBZ#2228111
- https://www.postgresql.org/support/security/CVE-2023-39417
- RHSA-2023:7545
- https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html
- https://security.netapp.com/advisory/ntap-20230915-0002/
- https://www.debian.org/security/2023/dsa-5553
- https://www.debian.org/security/2023/dsa-5554
- https://www.postgresql.org/support/security/CVE-2023-39417
- RHBZ#2228111
- https://access.redhat.com/security/cve/CVE-2023-39417
- RHSA-2024:0337
- RHSA-2024:0332
- RHSA-2024:0304
- RHSA-2023:7885
- RHSA-2023:7884
- RHSA-2023:7883
- RHSA-2023:7785
- RHSA-2023:7784
- RHSA-2023:7772
- RHSA-2023:7770
- RHSA-2023:7714
- RHSA-2023:7695
- RHSA-2023:7694
- RHSA-2023:7667
- RHSA-2023:7666
- RHSA-2023:7656
- RHSA-2023:7616
- RHSA-2023:7581
- RHSA-2023:7580
- RHSA-2023:7579
Package postgresql13 updated to version 13.12-alt0.p10.1 for branch p10 in task 326814.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
- RHSA-2023:7545
- RHSA-2023:7579
- RHSA-2023:7580
- RHSA-2023:7581
- RHSA-2023:7616
- RHSA-2023:7656
- RHSA-2023:7666
- RHSA-2023:7667
- RHSA-2023:7694
- RHSA-2023:7695
- RHSA-2023:7714
- RHSA-2023:7770
- RHSA-2023:7772
- RHSA-2023:7784
- RHSA-2023:7785
- RHSA-2023:7883
- RHSA-2023:7884
- RHSA-2023:7885
- RHSA-2024:0304
- RHSA-2024:0332
- RHSA-2024:0337
- https://access.redhat.com/security/cve/CVE-2023-39417
- RHBZ#2228111
- https://www.postgresql.org/support/security/CVE-2023-39417
- RHSA-2023:7545
- https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html
- https://security.netapp.com/advisory/ntap-20230915-0002/
- https://www.debian.org/security/2023/dsa-5553
- https://www.debian.org/security/2023/dsa-5554
- https://www.postgresql.org/support/security/CVE-2023-39417
- RHBZ#2228111
- https://access.redhat.com/security/cve/CVE-2023-39417
- RHSA-2024:0337
- RHSA-2024:0332
- RHSA-2024:0304
- RHSA-2023:7885
- RHSA-2023:7884
- RHSA-2023:7883
- RHSA-2023:7785
- RHSA-2023:7784
- RHSA-2023:7772
- RHSA-2023:7770
- RHSA-2023:7714
- RHSA-2023:7695
- RHSA-2023:7694
- RHSA-2023:7667
- RHSA-2023:7666
- RHSA-2023:7656
- RHSA-2023:7616
- RHSA-2023:7581
- RHSA-2023:7580
- RHSA-2023:7579
Package postgresql14 updated to version 14.9-alt0.p10.1 for branch p10 in task 326814.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
- RHSA-2023:7545
- RHSA-2023:7579
- RHSA-2023:7580
- RHSA-2023:7581
- RHSA-2023:7616
- RHSA-2023:7656
- RHSA-2023:7666
- RHSA-2023:7667
- RHSA-2023:7694
- RHSA-2023:7695
- RHSA-2023:7714
- RHSA-2023:7770
- RHSA-2023:7772
- RHSA-2023:7784
- RHSA-2023:7785
- RHSA-2023:7883
- RHSA-2023:7884
- RHSA-2023:7885
- RHSA-2024:0304
- RHSA-2024:0332
- RHSA-2024:0337
- https://access.redhat.com/security/cve/CVE-2023-39417
- RHBZ#2228111
- https://www.postgresql.org/support/security/CVE-2023-39417
- RHSA-2023:7545
- https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html
- https://security.netapp.com/advisory/ntap-20230915-0002/
- https://www.debian.org/security/2023/dsa-5553
- https://www.debian.org/security/2023/dsa-5554
- https://www.postgresql.org/support/security/CVE-2023-39417
- RHBZ#2228111
- https://access.redhat.com/security/cve/CVE-2023-39417
- RHSA-2024:0337
- RHSA-2024:0332
- RHSA-2024:0304
- RHSA-2023:7885
- RHSA-2023:7884
- RHSA-2023:7883
- RHSA-2023:7785
- RHSA-2023:7784
- RHSA-2023:7772
- RHSA-2023:7770
- RHSA-2023:7714
- RHSA-2023:7695
- RHSA-2023:7694
- RHSA-2023:7667
- RHSA-2023:7666
- RHSA-2023:7656
- RHSA-2023:7616
- RHSA-2023:7581
- RHSA-2023:7580
- RHSA-2023:7579