SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3347

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3347

Security update for postgresql15

Type: security

Severity: moderate

Issued: 2023-08-17

Description:

This update for postgresql15 fixes the following issues:

- Update to 15.4
- CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059)
- CVE-2023-39418: Fix MERGE to enforce row security. (bsc#1214061)

References

CVE: CVE-2023-39418
CVE: CVE-2023-39417
Bugzilla: 1214061 VUL-0: EMBARGOED: CVE-2023-39418: postgresql15: Fix MERGE to enforce row security policies properly
Bugzilla: 1214059 VUL-0: EMBARGOED: CVE-2023-39417: postgresql12,postgresql13,postgresql14,postgresql15: Disallow substituting a schema or owner name into an extension script if the name contains a quote, backslash, or dollar sign

Packages

postgresql15-15.4-150200.5.12.1