pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p11/ALT-PU-2023-1777/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

157 lines
6.5 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20231777",
"Version": "oval:org.altlinux.errata:def:20231777",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-1777: package `postgresql12` update to version 12.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-1777",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-1777",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03024",
"RefURL": "https://bdu.fstec.ru/vul/2023-03024",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03247",
"RefURL": "https://bdu.fstec.ru/vul/2023-03247",
"Source": "BDU"
},
{
"RefID": "CVE-2023-2454",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2454",
"Source": "CVE"
},
{
"RefID": "CVE-2023-2455",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2455",
"Source": "CVE"
}
],
"Description": "This update upgrades postgresql12 to version 12.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03024: Уязвимость компонента Schema Handler системы управления базами данных PostgreSQL, позволяющая нарушителю обойти ограничения безопасности\n\n * BDU:2023-03247: Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код\n\n * CVE-2023-2454: schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.\n\n * CVE-2023-2455: Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-05-10"
},
"Updated": {
"Date": "2023-05-10"
},
"BDUs": [
{
"ID": "BDU:2023-03024",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-254",
"Href": "https://bdu.fstec.ru/vul/2023-03024",
"Impact": "Low",
"Public": "20230511"
},
{
"ID": "BDU:2023-03247",
"CVSS": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2023-03247",
"Impact": "High",
"Public": "20230511"
}
],
"CVEs": [
{
"ID": "CVE-2023-2454",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2454",
"Impact": "High",
"Public": "20230609"
},
{
"ID": "CVE-2023-2455",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2455",
"Impact": "Low",
"Public": "20230609"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20231777001",
"Comment": "postgresql12 is earlier than 0:12.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231777002",
"Comment": "postgresql12-contrib is earlier than 0:12.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231777003",
"Comment": "postgresql12-docs is earlier than 0:12.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231777004",
"Comment": "postgresql12-llvmjit is earlier than 0:12.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231777005",
"Comment": "postgresql12-perl is earlier than 0:12.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231777006",
"Comment": "postgresql12-python is earlier than 0:12.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231777007",
"Comment": "postgresql12-server is earlier than 0:12.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231777008",
"Comment": "postgresql12-server-devel is earlier than 0:12.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231777009",
"Comment": "postgresql12-tcl is earlier than 0:12.15-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink