Описание
Security update for postgresql13
This update for postgresql13 fixes the following issues:
Updated to version 13.11:
- CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228).
- CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229).
- Internal fixes (bsc#1210303).
Список пакетов
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
postgresql13-13.11-150200.5.40.1
postgresql13-contrib-13.11-150200.5.40.1
postgresql13-server-13.11-150200.5.40.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
postgresql13-13.11-150200.5.40.1
postgresql13-contrib-13.11-150200.5.40.1
postgresql13-server-13.11-150200.5.40.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
postgresql13-13.11-150200.5.40.1
postgresql13-contrib-13.11-150200.5.40.1
postgresql13-server-13.11-150200.5.40.1
SUSE Enterprise Storage 7
postgresql13-13.11-150200.5.40.1
postgresql13-contrib-13.11-150200.5.40.1
postgresql13-devel-13.11-150200.5.40.1
postgresql13-docs-13.11-150200.5.40.1
postgresql13-plperl-13.11-150200.5.40.1
postgresql13-plpython-13.11-150200.5.40.1
postgresql13-pltcl-13.11-150200.5.40.1
postgresql13-server-13.11-150200.5.40.1
postgresql13-server-devel-13.11-150200.5.40.1
SUSE Enterprise Storage 7.1
postgresql13-13.11-150200.5.40.1
postgresql13-contrib-13.11-150200.5.40.1
postgresql13-devel-13.11-150200.5.40.1
postgresql13-docs-13.11-150200.5.40.1
postgresql13-plperl-13.11-150200.5.40.1
postgresql13-plpython-13.11-150200.5.40.1
postgresql13-pltcl-13.11-150200.5.40.1
postgresql13-server-13.11-150200.5.40.1
postgresql13-server-devel-13.11-150200.5.40.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
postgresql13-13.11-150200.5.40.1
postgresql13-contrib-13.11-150200.5.40.1
postgresql13-devel-13.11-150200.5.40.1
postgresql13-docs-13.11-150200.5.40.1
postgresql13-plperl-13.11-150200.5.40.1
postgresql13-plpython-13.11-150200.5.40.1
postgresql13-pltcl-13.11-150200.5.40.1
postgresql13-server-13.11-150200.5.40.1
postgresql13-server-devel-13.11-150200.5.40.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
postgresql13-13.11-150200.5.40.1
postgresql13-contrib-13.11-150200.5.40.1
postgresql13-devel-13.11-150200.5.40.1
postgresql13-docs-13.11-150200.5.40.1
postgresql13-plperl-13.11-150200.5.40.1
postgresql13-plpython-13.11-150200.5.40.1
postgresql13-pltcl-13.11-150200.5.40.1
postgresql13-server-13.11-150200.5.40.1
postgresql13-server-devel-13.11-150200.5.40.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
postgresql13-13.11-150200.5.40.1
postgresql13-contrib-13.11-150200.5.40.1
postgresql13-devel-13.11-150200.5.40.1
postgresql13-docs-13.11-150200.5.40.1
postgresql13-plperl-13.11-150200.5.40.1
postgresql13-plpython-13.11-150200.5.40.1
postgresql13-pltcl-13.11-150200.5.40.1
postgresql13-server-13.11-150200.5.40.1
postgresql13-server-devel-13.11-150200.5.40.1
SUSE Linux Enterprise Module for Legacy 15 SP4
postgresql13-13.11-150200.5.40.1
postgresql13-contrib-13.11-150200.5.40.1
postgresql13-devel-13.11-150200.5.40.1
postgresql13-docs-13.11-150200.5.40.1
postgresql13-llvmjit-13.11-150200.5.40.1
postgresql13-llvmjit-devel-13.11-150200.5.40.1
postgresql13-plperl-13.11-150200.5.40.1
postgresql13-plpython-13.11-150200.5.40.1
postgresql13-pltcl-13.11-150200.5.40.1
postgresql13-server-13.11-150200.5.40.1
postgresql13-server-devel-13.11-150200.5.40.1
SUSE Linux Enterprise Real Time 15 SP3
postgresql13-13.11-150200.5.40.1
postgresql13-contrib-13.11-150200.5.40.1
postgresql13-devel-13.11-150200.5.40.1
postgresql13-docs-13.11-150200.5.40.1
postgresql13-plperl-13.11-150200.5.40.1
postgresql13-plpython-13.11-150200.5.40.1
postgresql13-pltcl-13.11-150200.5.40.1
postgresql13-server-13.11-150200.5.40.1
postgresql13-server-devel-13.11-150200.5.40.1
SUSE Linux Enterprise Server 15 SP2-LTSS
postgresql13-13.11-150200.5.40.1
postgresql13-contrib-13.11-150200.5.40.1
postgresql13-devel-13.11-150200.5.40.1
postgresql13-docs-13.11-150200.5.40.1
postgresql13-plperl-13.11-150200.5.40.1
postgresql13-plpython-13.11-150200.5.40.1
postgresql13-pltcl-13.11-150200.5.40.1
postgresql13-server-13.11-150200.5.40.1
postgresql13-server-devel-13.11-150200.5.40.1
SUSE Linux Enterprise Server 15 SP3-LTSS
postgresql13-13.11-150200.5.40.1
postgresql13-contrib-13.11-150200.5.40.1
postgresql13-devel-13.11-150200.5.40.1
postgresql13-docs-13.11-150200.5.40.1
postgresql13-plperl-13.11-150200.5.40.1
postgresql13-plpython-13.11-150200.5.40.1
postgresql13-pltcl-13.11-150200.5.40.1
postgresql13-server-13.11-150200.5.40.1
postgresql13-server-devel-13.11-150200.5.40.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
postgresql13-13.11-150200.5.40.1
postgresql13-contrib-13.11-150200.5.40.1
postgresql13-devel-13.11-150200.5.40.1
postgresql13-docs-13.11-150200.5.40.1
postgresql13-plperl-13.11-150200.5.40.1
postgresql13-plpython-13.11-150200.5.40.1
postgresql13-pltcl-13.11-150200.5.40.1
postgresql13-server-13.11-150200.5.40.1
postgresql13-server-devel-13.11-150200.5.40.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
postgresql13-13.11-150200.5.40.1
postgresql13-contrib-13.11-150200.5.40.1
postgresql13-devel-13.11-150200.5.40.1
postgresql13-docs-13.11-150200.5.40.1
postgresql13-plperl-13.11-150200.5.40.1
postgresql13-plpython-13.11-150200.5.40.1
postgresql13-pltcl-13.11-150200.5.40.1
postgresql13-server-13.11-150200.5.40.1
postgresql13-server-devel-13.11-150200.5.40.1
SUSE Manager Proxy 4.2
postgresql13-13.11-150200.5.40.1
postgresql13-contrib-13.11-150200.5.40.1
postgresql13-devel-13.11-150200.5.40.1
postgresql13-docs-13.11-150200.5.40.1
postgresql13-plperl-13.11-150200.5.40.1
postgresql13-plpython-13.11-150200.5.40.1
postgresql13-pltcl-13.11-150200.5.40.1
postgresql13-server-13.11-150200.5.40.1
postgresql13-server-devel-13.11-150200.5.40.1
SUSE Manager Server 4.2
postgresql13-13.11-150200.5.40.1
postgresql13-contrib-13.11-150200.5.40.1
postgresql13-devel-13.11-150200.5.40.1
postgresql13-docs-13.11-150200.5.40.1
postgresql13-plperl-13.11-150200.5.40.1
postgresql13-plpython-13.11-150200.5.40.1
postgresql13-pltcl-13.11-150200.5.40.1
postgresql13-server-13.11-150200.5.40.1
postgresql13-server-devel-13.11-150200.5.40.1
openSUSE Leap 15.4
postgresql13-13.11-150200.5.40.1
postgresql13-contrib-13.11-150200.5.40.1
postgresql13-devel-13.11-150200.5.40.1
postgresql13-docs-13.11-150200.5.40.1
postgresql13-llvmjit-13.11-150200.5.40.1
postgresql13-llvmjit-devel-13.11-150200.5.40.1
postgresql13-plperl-13.11-150200.5.40.1
postgresql13-plpython-13.11-150200.5.40.1
postgresql13-pltcl-13.11-150200.5.40.1
postgresql13-server-13.11-150200.5.40.1
postgresql13-server-devel-13.11-150200.5.40.1
postgresql13-test-13.11-150200.5.40.1
Ссылки
- Link for SUSE-SU-2023:2219-1
- E-Mail link for SUSE-SU-2023:2219-1
- SUSE Security Ratings
- SUSE Bug 1210303
- SUSE Bug 1211228
- SUSE Bug 1211229
- SUSE CVE CVE-2023-2454 page
- SUSE CVE CVE-2023-2455 page
Описание
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
Затронутые продукты
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:postgresql13-13.11-150200.5.40.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:postgresql13-contrib-13.11-150200.5.40.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:postgresql13-server-13.11-150200.5.40.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:postgresql13-13.11-150200.5.40.1
Ссылки
- CVE-2023-2454
- SUSE Bug 1211228
Описание
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
Затронутые продукты
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:postgresql13-13.11-150200.5.40.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:postgresql13-contrib-13.11-150200.5.40.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:postgresql13-server-13.11-150200.5.40.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:postgresql13-13.11-150200.5.40.1
Ссылки
- CVE-2023-2455
- SUSE Bug 1211229