Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:2199-1

Опубликовано: 15 мая 2023
Источник: suse-cvrf

Описание

Security update for postgresql12

This update for postgresql12 fixes the following issues:

Updated to version 12.15:

  • CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228).
  • CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229).
  • Internal fixes (bsc#1210303).

Список пакетов

SUSE Enterprise Storage 7
postgresql12-12.15-150200.8.44.1
postgresql12-contrib-12.15-150200.8.44.1
postgresql12-devel-12.15-150200.8.44.1
postgresql12-docs-12.15-150200.8.44.1
postgresql12-plperl-12.15-150200.8.44.1
postgresql12-plpython-12.15-150200.8.44.1
postgresql12-pltcl-12.15-150200.8.44.1
postgresql12-server-12.15-150200.8.44.1
postgresql12-server-devel-12.15-150200.8.44.1
SUSE Enterprise Storage 7.1
postgresql12-12.15-150200.8.44.1
postgresql12-contrib-12.15-150200.8.44.1
postgresql12-devel-12.15-150200.8.44.1
postgresql12-docs-12.15-150200.8.44.1
postgresql12-plperl-12.15-150200.8.44.1
postgresql12-plpython-12.15-150200.8.44.1
postgresql12-pltcl-12.15-150200.8.44.1
postgresql12-server-12.15-150200.8.44.1
postgresql12-server-devel-12.15-150200.8.44.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
postgresql12-12.15-150200.8.44.1
postgresql12-contrib-12.15-150200.8.44.1
postgresql12-devel-12.15-150200.8.44.1
postgresql12-docs-12.15-150200.8.44.1
postgresql12-plperl-12.15-150200.8.44.1
postgresql12-plpython-12.15-150200.8.44.1
postgresql12-pltcl-12.15-150200.8.44.1
postgresql12-server-12.15-150200.8.44.1
postgresql12-server-devel-12.15-150200.8.44.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
postgresql12-12.15-150200.8.44.1
postgresql12-contrib-12.15-150200.8.44.1
postgresql12-devel-12.15-150200.8.44.1
postgresql12-docs-12.15-150200.8.44.1
postgresql12-plperl-12.15-150200.8.44.1
postgresql12-plpython-12.15-150200.8.44.1
postgresql12-pltcl-12.15-150200.8.44.1
postgresql12-server-12.15-150200.8.44.1
postgresql12-server-devel-12.15-150200.8.44.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
postgresql12-12.15-150200.8.44.1
postgresql12-contrib-12.15-150200.8.44.1
postgresql12-devel-12.15-150200.8.44.1
postgresql12-docs-12.15-150200.8.44.1
postgresql12-plperl-12.15-150200.8.44.1
postgresql12-plpython-12.15-150200.8.44.1
postgresql12-pltcl-12.15-150200.8.44.1
postgresql12-server-12.15-150200.8.44.1
postgresql12-server-devel-12.15-150200.8.44.1
SUSE Linux Enterprise Server 15 SP2-LTSS
postgresql12-12.15-150200.8.44.1
postgresql12-contrib-12.15-150200.8.44.1
postgresql12-devel-12.15-150200.8.44.1
postgresql12-docs-12.15-150200.8.44.1
postgresql12-plperl-12.15-150200.8.44.1
postgresql12-plpython-12.15-150200.8.44.1
postgresql12-pltcl-12.15-150200.8.44.1
postgresql12-server-12.15-150200.8.44.1
postgresql12-server-devel-12.15-150200.8.44.1
SUSE Linux Enterprise Server 15 SP3-LTSS
postgresql12-12.15-150200.8.44.1
postgresql12-contrib-12.15-150200.8.44.1
postgresql12-devel-12.15-150200.8.44.1
postgresql12-docs-12.15-150200.8.44.1
postgresql12-plperl-12.15-150200.8.44.1
postgresql12-plpython-12.15-150200.8.44.1
postgresql12-pltcl-12.15-150200.8.44.1
postgresql12-server-12.15-150200.8.44.1
postgresql12-server-devel-12.15-150200.8.44.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
postgresql12-12.15-150200.8.44.1
postgresql12-contrib-12.15-150200.8.44.1
postgresql12-devel-12.15-150200.8.44.1
postgresql12-docs-12.15-150200.8.44.1
postgresql12-plperl-12.15-150200.8.44.1
postgresql12-plpython-12.15-150200.8.44.1
postgresql12-pltcl-12.15-150200.8.44.1
postgresql12-server-12.15-150200.8.44.1
postgresql12-server-devel-12.15-150200.8.44.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
postgresql12-12.15-150200.8.44.1
postgresql12-contrib-12.15-150200.8.44.1
postgresql12-devel-12.15-150200.8.44.1
postgresql12-docs-12.15-150200.8.44.1
postgresql12-plperl-12.15-150200.8.44.1
postgresql12-plpython-12.15-150200.8.44.1
postgresql12-pltcl-12.15-150200.8.44.1
postgresql12-server-12.15-150200.8.44.1
postgresql12-server-devel-12.15-150200.8.44.1
openSUSE Leap 15.4
postgresql12-12.15-150200.8.44.1
postgresql12-contrib-12.15-150200.8.44.1
postgresql12-devel-12.15-150200.8.44.1
postgresql12-docs-12.15-150200.8.44.1
postgresql12-llvmjit-12.15-150200.8.44.1
postgresql12-llvmjit-devel-12.15-150200.8.44.1
postgresql12-plperl-12.15-150200.8.44.1
postgresql12-plpython-12.15-150200.8.44.1
postgresql12-pltcl-12.15-150200.8.44.1
postgresql12-server-12.15-150200.8.44.1
postgresql12-server-devel-12.15-150200.8.44.1
postgresql12-test-12.15-150200.8.44.1

Описание

schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.


Затронутые продукты
SUSE Enterprise Storage 7.1:postgresql12-12.15-150200.8.44.1
SUSE Enterprise Storage 7.1:postgresql12-contrib-12.15-150200.8.44.1
SUSE Enterprise Storage 7.1:postgresql12-devel-12.15-150200.8.44.1
SUSE Enterprise Storage 7.1:postgresql12-docs-12.15-150200.8.44.1

Ссылки

Описание

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.


Затронутые продукты
SUSE Enterprise Storage 7.1:postgresql12-12.15-150200.8.44.1
SUSE Enterprise Storage 7.1:postgresql12-contrib-12.15-150200.8.44.1
SUSE Enterprise Storage 7.1:postgresql12-devel-12.15-150200.8.44.1
SUSE Enterprise Storage 7.1:postgresql12-docs-12.15-150200.8.44.1

Ссылки
Уязвимость SUSE-SU-2023:2199-1