Advisories » MGASA-2023-0187

Updated postgresql packages fix security vulnerability

Publication date: 31 May 2023
Modification date: 31 May 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-2454 , CVE-2023-2455

Description

CREATE SCHEMA ... schema_element defeats protective search_path changes.
(CVE-2023-2454)
Row security policies disregard user ID changes after inlining.
(CVE-2023-2455)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=31912
• https://www.postgresql.org/about/news/postgresql-153-148-1311-1215-and-1120-released-2637/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2454
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2455

SRPMS

8/core

• postgresql11-11.20-1.mga8
• postgresql13-13.11-1.mga8