Stay Secure with the Latest Linux Advisories

security advisoryred hatmoderate severity

RedHat: RHSA-2023-4313-01 Moderate: PostgreSQL Schema Exploitation

An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: rh-postgresql12-postgresql security update Advisory ID: RHSA-2023:4313-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2023:4313 Issue date: 2023-07-27 CVE Names: CVE-2023-2454 CVE-2023-2455 ===================================================================== 1. Summary: An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for RHEL Workstation(v. 7) - ppc64le, s390x, x86_64 Red Hat Software Collections for RHEL(v. 7) - x86_64 3. Description: PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es): * postgresql: schema_element defeats protective search_path changes (CVE-2023-2454) * postgresql: row security policies disregard user ID changes after inlining. (CVE-2023-2455) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 If the postgresql service is running, it will be automaticallyrestarted after installing this update. 5. Bugs fixed (https://bugzilla.redhat.com/): 2207568 - CVE-2023-2454 postgresql: schema_element defeats protective search_path changes 2207569 - CVE-2023-2455 postgresql: row security policies disregard user ID changes after inlining. 6. Package List: Red Hat Software Collections for RHEL Workstation(v.7): Source: rh-postgresql12-postgresql-12.15-1.el7.src.rpm ppc64le: rh-postgresql12-postgresql-12.15-1.el7.ppc64le.rpm rh-postgresql12-postgresql-contrib-12.15-1.el7.ppc64le.rpm rh-postgresql12-postgresql-contrib-syspaths-12.15-1.el7.ppc64le.rpm rh-postgresql12-postgresql-debuginfo-12.15-1.el7.ppc64le.rpm rh-postgresql12-postgresql-devel-12.15-1.el7.ppc64le.rpm rh-postgresql12-postgresql-docs-12.15-1.el7.ppc64le.rpm rh-postgresql12-postgresql-libs-12.15-1.el7.ppc64le.rpm rh-postgresql12-postgresql-plperl-12.15-1.el7.ppc64le.rpm rh-postgresql12-postgresql-plpython-12.15-1.el7.ppc64le.rpm rh-postgresql12-postgresql-pltcl-12.15-1.el7.ppc64le.rpm rh-postgresql12-postgresql-server-12.15-1.el7.ppc64le.rpm rh-postgresql12-postgresql-server-syspaths-12.15-1.el7.ppc64le.rpm rh-postgresql12-postgresql-static-12.15-1.el7.ppc64le.rpm rh-postgresql12-postgresql-syspaths-12.15-1.el7.ppc64le.rpm rh-postgresql12-postgresql-test-12.15-1.el7.ppc64le.rpm s390x: rh-postgresql12-postgresql-12.15-1.el7.s390x.rpm rh-postgresql12-postgresql-contrib-12.15-1.el7.s390x.rpm rh-postgresql12-postgresql-contrib-syspaths-12.15-1.el7.s390x.rpm rh-postgresql12-postgresql-debuginfo-12.15-1.el7.s390x.rpm rh-postgresql12-postgresql-devel-12.15-1.el7.s390x.rpm rh-postgresql12-postgresql-docs-12.15-1.el7.s390x.rpm rh-postgresql12-postgresql-libs-12.15-1.el7.s390x.rpm rh-postgresql12-postgresql-plperl-12.15-1.el7.s390x.rpm rh-postgresql12-postgresql-plpython-12.15-1.el7.s390x.rpm rh-postgresql12-postgresql-pltcl-12.15-1.el7.s390x.rpm rh-postgresql12-postgresql-server-12.15-1.el7.s390x.rpm rh-postgresql12-postgresql-server-syspaths-12.15-1.el7.s390x.rpm rh-postgresql12-postgresql-static-12.15-1.el7.s390x.rpm rh-postgresql12-postgresql-syspaths-12.15-1.el7.s390x.rpm rh-postgresql12-postgresql-test-12.15-1.el7.s390x.rpm x86_64: rh-postgresql12-postgresql-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-contrib-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-contrib-syspaths-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-debuginfo-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-devel-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-docs-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-libs-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-plperl-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-plpython-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-pltcl-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-server-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-server-syspaths-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-static-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-syspaths-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-test-12.15-1.el7.x86_64.rpm Red Hat Software Collections for RHEL(v. 7): Source: rh-postgresql12-postgresql-12.15-1.el7.src.rpm x86_64: rh-postgresql12-postgresql-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-contrib-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-contrib-syspaths-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-debuginfo-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-devel-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-docs-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-libs-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-plperl-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-plpython-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-pltcl-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-server-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-server-syspaths-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-static-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-syspaths-12.15-1.el7.x86_64.rpm rh-postgresql12-postgresql-test-12.15-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-2454 https://access.redhat.com/security/cve/CVE-2023-2455 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . Morecontact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJkwn0rAAoJENzjgjWX9erEgzoP/A7d/F+IVuddE1o169mZWEfO kOvEc4bI3fbOJRFjB3SerD6MBMigC9hD3uuuDUG6quvBf9y42WL2CoLhRbhNymTe wnQCfRhWOZEwEerdDsUg9TpC3q6cOpL4oJBN0fOe/mA7yzKK6ehWnMW3NW6QmpQE hSbhJOnU0OF6U8TzlnigP2YGxwuA37AffFSz/za92OYRZ6znOGXD1Hb03YCB8maI SHBpf3XQm5BynOStY4DneYz+H4rt/pMQxuQrj8fJs3shxPexMbdJMxTSkZg4iVcw xeTZ3hUbh/IQitjdI5qlmueN4Fg+zxkrcB8iDnyDEpei+4qP392TtEgpOJAv/OJ2 qb09FrDx49a0D+lBZ6tbQJe/nO3P3dT/cbLDtoehLK8h3HTp3QbTGxA/vvkvaYcA R4CibfDd3f70VhRAJhQQHeox/SxQy1qDRkmNFbFtLSj3/pa2RyBD6Dy7MynfUhku +YYZRqPQeMBmx7prXAHJqeXFYSwdEuTJZMrdAgqZ7qjgKD+vTq3YhD2plL5loEfh YelYqcz6nmdB+/fBW4mfAIf/+NMrv0LG4ak7CCAGaQt5e6YIHVr+X/c++zGHvOBo BZ7DFeOP+nfbDP3rKVAzCVYkLTKBh9WMoepK7zD+H34dxdLOwTWYfzZmB5uDq6js AZp3FTK9OHiJZokHj+ol =NiAD -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Critical security notice regarding rh-postgresql12-postgresql, highlighting vulnerabilities such as schema manipulation and unauthorized user ID modifications.. rh-postgresql12-postgresql, red hat update, software collections, security patch. . LinuxSecurity.com Team

Jul 27, 2023 Red Hat