SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2205

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2205

Security update for postgresql14

Type: security

Severity: important

Issued: 2023-05-15

Description:

This update for postgresql14 fixes the following issues:

Updated to version 14.8:
  - CVE-2023-2454: Fixed an issue where a user having permission to
    create a schema could hijack the privileges of a security definer
    function or extension script (bsc#1211228).
  - CVE-2023-2455: Fixed an issue that could allow a user to see or
    modify rows that should have been invisible (bsc#1211229).
  - Internal fixes (bsc#1210303).

References

CVE: CVE-2023-2455
CVE: CVE-2023-2454
Bugzilla: 1211229 VUL-0: EMBARGOED: CVE-2023-2455: postgresql: Enforce row-level security policies correctly after inlining a set-returning function
Bugzilla: 1211228 VUL-0: EMBARGOED: CVE-2023-2454: postgresql: Prevent CREATE SCHEMA from defeating changes in search_path
Bugzilla: 1210303 Removal of %_restart_on_update breaks several packages

Packages

postgresql14-14.8-150200.5.26.1