Vulnerability CVE-2023-39418: Information

Description

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Published: Aug. 11, 2023
Modified: Feb. 16, 2024

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| postgresql15 | sisyphus | 15.4-alt1 | 15.6-alt1 | ALT-PU-2023-4805-1 | 326806 | Fixed |
| postgresql15 | sisyphus_e2k | 15.4-alt1 | 15.6-alt1 | ALT-PU-2023-4836-1 | - | Fixed |
| postgresql15 | sisyphus_riscv64 | 15.4-alt2 | 15.6-alt1 | ALT-PU-2023-4913-1 | - | Fixed |
| postgresql15 | p10 | 15.4-alt0.p10.1 | 15.6-alt0.p10.1 | ALT-PU-2023-4815-2 | 326814 | Fixed |
| postgresql15 | p10_e2k | 15.4-alt0.p10.1 | 15.6-alt0.p10.1 | ALT-PU-2023-4990-1 | - | Fixed |
| postgresql15 | c10f1 | 15.4-alt0.p10.1 | 15.6-alt0.c10.1 | ALT-PU-2023-5633-3 | 329540 | Fixed |
| postgresql15-1C | sisyphus | 15.3-alt3 | 15.5-alt4 | ALT-PU-2023-4810-1 | 326806 | Fixed |
| postgresql15-1C | sisyphus_e2k | 15.3-alt3 | 15.5-alt4 | ALT-PU-2023-4841-1 | - | Fixed |
| postgresql15-1C | sisyphus_riscv64 | 15.4-alt1 | 15.5-alt4 | ALT-PU-2023-5178-1 | - | Fixed |
| postgresql15-1C | p10 | 15.3-alt0.p10.2 | 15.5-alt0.p10.3 | ALT-PU-2023-4814-2 | 326814 | Fixed |
| postgresql15-1C | p10_e2k | 15.3-alt0.p10.2 | 15.5-alt0.p10.3 | ALT-PU-2023-4995-1 | - | Fixed |
| postgresql15-1C | c10f1 | 15.4-alt0.p10.1 | 15.5-alt0.p10.3 | ALT-PU-2023-5637-3 | 329540 | Fixed |

References to Advisories, Solutions, and Tools

      Configuration 1

      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including: 15.0
      End excluding: 15.4

      Configuration 2

      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*