Univention Bugzilla – Bug 56061
postgresql-11: Multiple issues (5.0)
Last modified: 2023-05-17 12:54:23 CEST
New Debian postgresql-11 11.20-0+deb10u1 fixes: This update addresses the following issues: 11.20-0+deb10u1 (Wed, 10 May 2023 21:04:02 +0200) * New upstream version. + Prevent CREATE SCHEMA from defeating changes in search_path (Report and fix by Alexander Lakhin, CVE-2023-2454) Within a CREATE SCHEMA command, objects in the prevailing search_path, as well as those in the newly-created schema, would be visible even within a called function or script that attempted to set a secure search_path. This could allow any user having permission to create a schema to hijack the privileges of a security definer function or extension script. + Enforce row-level security policies correctly after inlining a set-returning function (Report by Wolfgang Walther, CVE-2023-2455) If a set-returning SQL-language function refers to a table having row-level security policies, and it can be inlined into a calling query, those RLS policies would not get enforced properly in some cases involving re-using a cached plan under a different role. This could allow a user to see or modify rows that should have been invisible.
--- mirror/ftp/pool/main/p/postgresql-11/postgresql-11_11.19-0+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-3/source/postgresql-11_11.20-0+deb10u1.dsc @@ -1,3 +1,26 @@ +11.20-0+deb10u1 [Wed, 10 May 2023 21:04:02 +0200] Christoph Berg <myon@debian.org>: + + * New upstream version. + + + Prevent CREATE SCHEMA from defeating changes in search_path + (Report and fix by Alexander Lakhin, CVE-2023-2454) + + Within a CREATE SCHEMA command, objects in the prevailing search_path, + as well as those in the newly-created schema, would be visible even + within a called function or script that attempted to set a secure + search_path. This could allow any user having permission to create a + schema to hijack the privileges of a security definer function or + extension script. + + + Enforce row-level security policies correctly after inlining a + set-returning function (Report by Wolfgang Walther, CVE-2023-2455) + + If a set-returning SQL-language function refers to a table having + row-level security policies, and it can be inlined into a calling query, + those RLS policies would not get enforced properly in some cases + involving re-using a cached plan under a different role. This could + allow a user to see or modify rows that should have been invisible. + 11.19-0+deb10u1 [Tue, 07 Feb 2023 17:14:48 +0100] Christoph Berg <myon@debian.org>: * New upstream version. <http://piuparts.knut.univention.de/5.0-3/#4013126520030861878>
OK: bug OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-3] f3bdb35cb2 Bug #56061: postgresql-11 11.20-0+deb10u1 doc/errata/staging/postgresql-11.yaml | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) [5.0-3] e49244d2fd Bug #56061: postgresql-11 11.20-0+deb10u1 doc/errata/staging/postgresql-11.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x667>