RLSA-2023:4535

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2023:4535.json

Related

Published

2023-10-06T23:10:12.373291Z

Modified

2023-10-06T23:11:39.412649Z

Details

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

postgresql: schemaelement defeats protective searchpath changes (CVE-2023-2454)
postgresql: row security policies disregard user ID changes after inlining. (CVE-2023-2455)
postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

Rocky Linux:8 / pgaudit

Package

Name: pgaudit

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.4.0-5.module+el8.5.0+686+20453ecc

Rocky Linux:8 / pg_repack

Package

Name: pg_repack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.4.6-3.module+el8.5.0+684+c3892ef9

Rocky Linux:8 / postgres-decoderbufs

Package

Name: postgres-decoderbufs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.10.0-2.module+el8.5.0+684+c3892ef9

Rocky Linux:8 / postgresql

Package

Name: postgresql

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:12.15-1.module+el8.8.0+1441+a10239d2