+ A dump/restore is not required for those running 15.X.
+ Also, if you are upgrading from a version earlier than 15.1, see
those release notes as well please.
+ Prevent CREATE SCHEMA from defeating changes in search_path
(Alexander Lakhin)
Within a CREATE SCHEMA command, objects in the prevailing
search_path, as well as those in the newly-created schema, would be
visible even within a called function or script that attempted to set
a secure search_path. This could allow any user having permission to
create a schema to hijack the privileges of a security definer
function or extension script.
(CVE-2023-2454)
+ Enforce row-level security policies correctly after inlining a
set-returning function (Stephen Frost, Tom Lane)
If a set-returning SQL-language function refers to a table having
row-level security policies, and it can be inlined into a calling
query, those RLS policies would not get enforced properly in some
cases involving re-using a cached plan under a different role. This
could allow a user to see or modify rows that should have been
invisible.
(CVE-2023-2455)
This bug was fixed in the package postgresql-15 - 15.3-0ubuntu0. 23.04.1
--------------- 23.04.1) lunar-security; urgency=medium
postgresql-15 (15.3-0ubuntu0.
* New upstream version (LP: #2019214).
+ A dump/restore is not required for those running 15.X.
+ Also, if you are upgrading from a version earlier than 15.1, see
those release notes as well please.
+ Prevent CREATE SCHEMA from defeating changes in search_path
(Alexander Lakhin)
Within a CREATE SCHEMA command, objects in the prevailing CVE-2023- 2454)
search_path, as well as those in the newly-created schema, would be
visible even within a called function or script that attempted to set
a secure search_path. This could allow any user having permission to
create a schema to hijack the privileges of a security definer
function or extension script.
(
+ Enforce row-level security policies correctly after inlining a
set-returning function (Stephen Frost, Tom Lane)
If a set-returning SQL-language function refers to a table having CVE-2023- 2455)
row-level security policies, and it can be inlined into a calling
query, those RLS policies would not get enforced properly in some
cases involving re-using a cached plan under a different role. This
could allow a user to see or modify rows that should have been
invisible.
(
+ Details about these and many further changes can be found at: /www.postgresql .org/docs/ 15/release- 15-3.html.
https:/
-- Sergio Durigan Junior <email address hidden> Thu, 11 May 2023 16:24:27 -0400