Oval Definition: oval:org.opensuse.security:def:20232455
Revision Date: 2023-06-22
Version: 1
Title: CVE-2023-2455
Description:

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
Family: unix
Class: vulnerability
Status:
Reference(s):
Mitre CVE-2023-2455
SUSE CVE-2023-2455
SUSE-CU-2023:1787-1
SUSE-CU-2023:1788-1
SUSE-SU-2023:2198-1
SUSE-SU-2023:2199-1
SUSE-SU-2023:2200-1
SUSE-SU-2023:2201-1
SUSE-SU-2023:2202-1
SUSE-SU-2023:2205-1
SUSE-SU-2023:2206-1
SUSE-SU-2023:2207-1
SUSE-SU-2023:2219-1
Platform(s):
SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Module for Legacy 15 SP5
SUSE Linux Enterprise Module for Server Applications 15 SP5
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP5
Product(s):
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Server Applications 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND
  • postgresql-contrib is not affected
  • OR postgresql-devel is not affected
  • OR postgresql-docs is not affected
  • OR postgresql-plperl is not affected
  • OR postgresql-plpython is not affected
  • OR postgresql-pltcl is not affected
  • OR postgresql-server is not affected
  • OR postgresql-server-devel is not affected
  • OR Package Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND
  • libpq5-15.3-150200.5.9.1 is installed
  • OR postgresql15-15.3-150200.5.9.1 is installed
  • OR postgresql is not affected
  • OR Package Information
  • SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Legacy 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND
  • postgresql14-14.8-150200.5.26.1 is installed
  • OR postgresql14-contrib-14.8-150200.5.26.1 is installed
  • OR postgresql14-devel-14.8-150200.5.26.1 is installed
  • OR postgresql14-docs-14.8-150200.5.26.1 is installed
  • OR postgresql14-llvmjit-14.8-150200.5.26.1 is installed
  • OR postgresql14-llvmjit-devel-14.8-150200.5.26.1 is installed
  • OR postgresql14-plperl-14.8-150200.5.26.1 is installed
  • OR postgresql14-plpython-14.8-150200.5.26.1 is installed
  • OR postgresql14-pltcl-14.8-150200.5.26.1 is installed
  • OR postgresql14-server-14.8-150200.5.26.1 is installed
  • OR postgresql14-server-devel-14.8-150200.5.26.1 is installed
  • OR postgresql-llvmjit is not affected
  • OR postgresql-llvmjit-devel is not affected