| Summary: | postgresql new security issues CVE-2023-245[45] | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, brtians1, davidwhodgins, herman.viaene, nicolas.salguero, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA8-64-OK | | |
| Source RPM: | postgresql13, postgresql11 | CVE: | |
| Status comment: | | | |
Description
David Walser
2023-05-11 16:57:32 CEST
David Walser
2023-05-11 16:58:56 CEST
Whiteboard: (none) => MGA8TOO

Suggested advisory:
========================

The updated packages fix some bugs and security vulnerabilities:

CREATE SCHEMA ... schema_element defeats protective search_path changes. (CVE-2023-2454)

Row security policies disregard user ID changes after inlining. (CVE-2023-2455)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2455
https://www.postgresql.org/about/news/postgresql-153-148-1311-1215-and-1120-released-2637/
========================

Updated packages in core/updates_testing:
========================
lib(64)pq5.11-11.20-1.mga8
lib(64)ecpg11_6-11.20-1.mga8
postgresql11-11.20-1.mga8
postgresql11-contrib-11.20-1.mga8
postgresql11-devel-11.20-1.mga8
postgresql11-docs-11.20-1.mga8
postgresql11-pl-11.20-1.mga8
postgresql11-plperl-11.20-1.mga8
postgresql11-plpgsql-11.20-1.mga8
postgresql11-plpython3-11.20-1.mga8
postgresql11-pltcl-11.20-1.mga8
postgresql11-server-11.20-1.mga8
lib(64)pq5-13.11-1.mga8
lib(64)ecpg13_6-13.11-1.mga8
postgresql13-13.11-1.mga8
postgresql13-contrib-13.11-1.mga8
postgresql13-devel-13.11-1.mga8
postgresql13-docs-13.11-1.mga8
postgresql13-pl-13.11-1.mga8
postgresql13-plperl-13.11-1.mga8
postgresql13-plpgsql-13.11-1.mga8
postgresql13-plpython3-13.11-1.mga8
postgresql13-pltcl-13.11-1.mga8
postgresql13-server-13.11-1.mga8

from SRPMS:
postgresql11-11.20-1.mga8.src.rpm
postgresql13-13.11-1.mga8.src.rpm

Status: NEW => ASSIGNED

MGA8-64 MATE on Acer Aspire 5253
No installation issues for 13
Used pgadmin4 to delete a test database from previous tests, create a new one testtab1311, create a table with an automatically filled primary key, a unique index on another column and a time stamp, entered some data, all works OK.

CC: (none) => herman.viaene

MGA8-64, vbox, Gnome
The following 10 packages are going to be installed:
- lib64pq5.11-11.20-1.mga8.x86_64
- postgresql11-11.20-1.mga8.x86_64
- postgresql11-contrib-11.20-1.mga8.x86_64
- postgresql11-docs-11.20-1.mga8.noarch
- postgresql11-pl-11.20-1.mga8.x86_64
- postgresql11-plperl-11.20-1.mga8.x86_64
- postgresql11-plpgsql-11.20-1.mga8.x86_64
- postgresql11-plpython3-11.20-1.mga8.x86_64
- postgresql11-pltcl-11.20-1.mga8.x86_64
- postgresql11-server-11.20-1.mga8.x86_64
65MB of additional disk space will be used.
started server created a database and a table
next inserted some data - nothing fancy
bkr=# \dt
List of relations
Schema | Name | Type | Owner
--------+-----------------+-------+----------
public | mageia_versions | table | postgres
(1 row)
bkr=# select * from mageia_versions
bkr-# ;
mver | crdate
------+--------
(0 rows)
bkr=# insert into mageia_versions values ('1','12-1-2012');
INSERT 0 1
bkr=# insert into mageia_versions values ('2','11-22-2013');
INSERT 0 1
bkr=# insert into mageia_versions values ('3','11-16-2014');
INSERT 0 1
bkr=# select * from mageia_versions;
mver | crdate
------+------------
1 | 2012-12-01
2 | 2013-11-22
3 | 2014-11-16
(3 rows)
bkr=#
works

Whiteboard: (none) => MGA8-64-OK

Validating. Advisory in comment 1.

CC: (none) => andrewsfarm, sysadmin-bugs
Dave Hodgins
2023-05-30 18:28:26 CEST
CC: (none) => davidwhodgins

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2023-0187.html

Resolution: (none) => FIXED