Description
Security update for postgresql14
This update for postgresql14 fixes the following issues:
Updated to version 14.8:
- CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228).
- CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229).
- Internal fixes (bsc#1210303).
Package list
Container suse/postgres:14
Image SLES15-SP4-Manager-Server-4-3
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
Image SLES15-SP4-Manager-Server-4-3-BYOS
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise Module for Basesystem 15 SP4
SUSE Linux Enterprise Module for Package Hub 15 SP4
SUSE Linux Enterprise Module for Server Applications 15 SP4
SUSE Linux Enterprise Real Time 15 SP3
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.4
References
- Link for SUSE-SU-2023:2205-1
- E-Mail link for SUSE-SU-2023:2205-1
- SUSE Security Ratings
- SUSE Bug 1210303
- SUSE Bug 1211228
- SUSE Bug 1211229
- SUSE CVE CVE-2023-2454 page
- SUSE CVE CVE-2023-2455 page
Description
schema_element defeats protective search_path changes. It was found that certain database calls in PostgreSQL could permit an authenticated attacker with elevated database-level privileges to execute arbitrary code.
Affected products
References
- CVE-2023-2454
- SUSE Bug 1211228
Description
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
Affected products
References
- CVE-2023-2455
- SUSE Bug 1211229