vuln-list-alt/oval/p10/ALT-PU-2023-4814/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20234814",
      "Version": "oval:org.altlinux.errata:def:20234814",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2023-4814: package `postgresql15-1C` update to version 15.3-alt0.p10.2",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p10"
            ],
            "Products": [
              "ALT Server",
              "ALT Virtualization Server",
              "ALT Workstation",
              "ALT Workstation K",
              "ALT Education",
              "Simply Linux",
              "Starterkit"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2023-4814",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2023-4814",
            "Source": "ALTPU"
          },
          {
            "RefID": "CVE-2023-39417",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-39417",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2023-39418",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-39418",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades postgresql15-1C to version 15.3-alt0.p10.2. \nSecurity Fix(es):\n\n * CVE-2023-39417: IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or \"\"). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.\n\n * CVE-2023-39418: A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2023-08-15"
          },
          "Updated": {
            "Date": "2023-08-15"
          },
          "BDUs": null,
          "CVEs": [
            {
              "ID": "CVE-2023-39417",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-89",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-39417",
              "Impact": "High",
              "Public": "20230811"
            },
            {
              "ID": "CVE-2023-39418",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
              "CWE": "NVD-CWE-noinfo",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-39418",
              "Impact": "Low",
              "Public": "20230811"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:kworkstation:10",
              "cpe:/o:alt:workstation:10",
              "cpe:/o:alt:server:10",
              "cpe:/o:alt:server-v:10",
              "cpe:/o:alt:education:10",
              "cpe:/o:alt:slinux:10",
              "cpe:/o:alt:starterkit:p10",
              "cpe:/o:alt:kworkstation:10.1",
              "cpe:/o:alt:workstation:10.1",
              "cpe:/o:alt:server:10.1",
              "cpe:/o:alt:server-v:10.1",
              "cpe:/o:alt:education:10.1",
              "cpe:/o:alt:slinux:10.1",
              "cpe:/o:alt:starterkit:10.1",
              "cpe:/o:alt:kworkstation:10.2",
              "cpe:/o:alt:workstation:10.2",
              "cpe:/o:alt:server:10.2",
              "cpe:/o:alt:server-v:10.2",
              "cpe:/o:alt:education:10.2",
              "cpe:/o:alt:slinux:10.2",
              "cpe:/o:alt:starterkit:10.2"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:2001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20234814001",
                "Comment": "postgresql15-1C is earlier than 0:15.3-alt0.p10.2"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20234814002",
                "Comment": "postgresql15-1C-contrib is earlier than 0:15.3-alt0.p10.2"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20234814003",
                "Comment": "postgresql15-1C-docs is earlier than 0:15.3-alt0.p10.2"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20234814004",
                "Comment": "postgresql15-1C-llvmjit is earlier than 0:15.3-alt0.p10.2"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20234814005",
                "Comment": "postgresql15-1C-perl is earlier than 0:15.3-alt0.p10.2"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20234814006",
                "Comment": "postgresql15-1C-python is earlier than 0:15.3-alt0.p10.2"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20234814007",
                "Comment": "postgresql15-1C-server is earlier than 0:15.3-alt0.p10.2"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20234814008",
                "Comment": "postgresql15-1C-server-devel is earlier than 0:15.3-alt0.p10.2"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20234814009",
                "Comment": "postgresql15-1C-tcl is earlier than 0:15.3-alt0.p10.2"
              }
            ]
          }
        ]
      }
    }
  ]
}