ALT-BU-2023-5180-1
Branch sisyphus_riscv64 update bulletin.
Package elfutils updated to version 0.189.0.46.27a8-alt1 for branch sisyphus_riscv64.
Closed bugs
eu-elflint не умеет обрабатывать ELF файлы для архитектуры LoongArch
elfutils: LoongArch: не поддерживаются релокации ELF psABI v2
Package glibc updated to version 2.38.0.6.g7ac405a74c-alt2 for branch sisyphus_riscv64.
Closed bugs
glibc-core: неполные зависимости -- нерабочий pthread_cancel
Package bullet3 updated to version 3.25-alt1 for branch sisyphus_riscv64.
Closed bugs
Обновить bullet3 до апстрима с добавлением патча
Package postgresql15-1C updated to version 15.4-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2023-04767
Уязвимость системы управления базами данных PostgreSQL, связанная с возможностью SQL-инъекций в расширениях, позволяющая нарушителю выполнять произвольный SQL-запрос к базе данных
BDU:2023-04768
Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками разграничения доступа, позволяющая нарушителю читать и обновлять защищенные данные
Modified: 2024-11-21
CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
- RHSA-2023:7545
- RHSA-2023:7579
- RHSA-2023:7580
- RHSA-2023:7581
- RHSA-2023:7616
- RHSA-2023:7656
- RHSA-2023:7666
- RHSA-2023:7667
- RHSA-2023:7694
- RHSA-2023:7695
- RHSA-2023:7714
- RHSA-2023:7770
- RHSA-2023:7772
- RHSA-2023:7784
- RHSA-2023:7785
- RHSA-2023:7883
- RHSA-2023:7884
- RHSA-2023:7885
- RHSA-2024:0304
- RHSA-2024:0332
- RHSA-2024:0337
- https://access.redhat.com/security/cve/CVE-2023-39417
- RHBZ#2228111
- https://www.postgresql.org/support/security/CVE-2023-39417
- RHSA-2023:7545
- https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html
- https://security.netapp.com/advisory/ntap-20230915-0002/
- https://www.debian.org/security/2023/dsa-5553
- https://www.debian.org/security/2023/dsa-5554
- https://www.postgresql.org/support/security/CVE-2023-39417
- RHBZ#2228111
- https://access.redhat.com/security/cve/CVE-2023-39417
- RHSA-2024:0337
- RHSA-2024:0332
- RHSA-2024:0304
- RHSA-2023:7885
- RHSA-2023:7884
- RHSA-2023:7883
- RHSA-2023:7785
- RHSA-2023:7784
- RHSA-2023:7772
- RHSA-2023:7770
- RHSA-2023:7714
- RHSA-2023:7695
- RHSA-2023:7694
- RHSA-2023:7667
- RHSA-2023:7666
- RHSA-2023:7656
- RHSA-2023:7616
- RHSA-2023:7581
- RHSA-2023:7580
- RHSA-2023:7579
Modified: 2024-12-06
CVE-2023-39418
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
- RHSA-2023:7785
- RHSA-2023:7785
- RHSA-2023:7883
- RHSA-2023:7883
- RHSA-2023:7884
- RHSA-2023:7884
- RHSA-2023:7885
- RHSA-2023:7885
- https://access.redhat.com/security/cve/CVE-2023-39418
- https://access.redhat.com/security/cve/CVE-2023-39418
- RHBZ#2228112
- RHBZ#2228112
- https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
- https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
- https://security.netapp.com/advisory/ntap-20230915-0002/
- https://www.debian.org/security/2023/dsa-5553
- https://www.postgresql.org/support/security/CVE-2023-39418/
- https://www.postgresql.org/support/security/CVE-2023-39418/
Package eepm updated to version 3.60.0-alt1 for branch sisyphus_riscv64.
Closed bugs
Некорректная работа epm downgrade