Univention Bugzilla – Bug 56677
postgresql-11: Multiple issues (5.0)
Last modified: 2023-10-04 17:06:39 CEST
New Debian postgresql-11 11.21-0+deb10u1 fixes: This update addresses the following issues: 11.21-0+deb10u1 (Sun, 01 Oct 2023 22:05:23 +0200) * New upstream version. + Prevent CREATE SCHEMA from defeating changes in search_path (Report and fix by Alexander Lakhin, CVE-2023-2454) Within a CREATE SCHEMA command, objects in the prevailing search_path, as well as those in the newly-created schema, would be visible even within a called function or script that attempted to set a secure search_path. This could allow any user having permission to create a schema to hijack the privileges of a security definer function or extension script. + Enforce row-level security policies correctly after inlining a set-returning function (Report by Wolfgang Walther, CVE-2023-2455) If a set-returning SQL-language function refers to a table having row-level security policies, and it can be inlined into a calling query, those RLS policies would not get enforced properly in some cases involving re-using a cached plan under a different role. This could allow a user to see or modify rows that should have been invisible.
--- mirror/ftp/pool/main/p/postgresql-11/postgresql-11_11.20-0+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-5/source/postgresql-11_11.21-0+deb10u1.dsc @@ -1,3 +1,24 @@ +11.21-0+deb10u1 [Sun, 01 Oct 2023 22:05:23 +0200] Christoph Berg <myon@debian.org>: + + * New upstream version. + + + Prevent CREATE SCHEMA from defeating changes in search_path + (Report and fix by Alexander Lakhin, CVE-2023-2454) + Within a CREATE SCHEMA command, objects in the prevailing search_path, + as well as those in the newly-created schema, would be visible even + within a called function or script that attempted to set a secure + search_path. This could allow any user having permission to create a + schema to hijack the privileges of a security definer function or + extension script. + + + Enforce row-level security policies correctly after inlining a + set-returning function (Report by Wolfgang Walther, CVE-2023-2455) + If a set-returning SQL-language function refers to a table having + row-level security policies, and it can be inlined into a calling query, + those RLS policies would not get enforced properly in some cases + involving re-using a cached plan under a different role. This could + allow a user to see or modify rows that should have been invisible. + 11.20-0+deb10u1 [Wed, 10 May 2023 21:04:02 +0200] Christoph Berg <myon@debian.org>: * New upstream version. <http://piuparts.knut.univention.de/5.0-5/#6066458153192877640>
OK: bug OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-5] 736cdeefc24 Bug #56677: postgresql-11 11.21-0+deb10u1 doc/errata/staging/postgresql-11.yaml | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) [5.0-5] 65a310ab553 Bug #56677: postgresql-11 11.21-0+deb10u1 doc/errata/staging/postgresql-11.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x826>