CVE-2023-2454: CREATE SCHEMA ... schema_element defeats protective search_path changes.

Versions Affected: 11 - 15. This problem is quite old.

This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users.

https://www.postgresql.org/support/security/CVE-2023-2454/
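
To find which roles meet the precondition described above (database-level CREATE held through ownership, an explicit grant, or role membership), an audit query such as the following can be run as a superuser on each cluster. It is an added example, not part of the advisory or of this bug report; it relies only on the standard catalogs and the built-in functions has_database_privilege, aclexplode and acldefault.

```sql
-- Added audit example: non-superuser roles that effectively hold CREATE
-- on each database, and how they came to hold it.
SELECT d.datname     AS database_name,
       r.rolname     AS role_name,
       r.rolcanlogin AS can_login,
       CASE
         WHEN d.datdba = r.oid THEN 'owner (default right)'
         WHEN EXISTS (
                SELECT 1
                -- A NULL datacl means the built-in default ACL is in force.
                FROM aclexplode(coalesce(d.datacl, acldefault('d', d.datdba))) AS a
                WHERE a.privilege_type = 'CREATE'
                  AND a.grantee = r.oid
              ) THEN 'explicit grant'
         ELSE 'grant to PUBLIC or inherited through role membership'
       END           AS source
FROM pg_database AS d
CROSS JOIN pg_roles AS r
WHERE NOT r.rolsuper                                   -- superusers are out of scope
  AND has_database_privilege(r.oid, d.oid, 'CREATE')   -- effective privilege check
ORDER BY d.datname, r.rolname;
```

Every row is a role that could have reached the vulnerable code path on an unpatched server, so the list is useful for prioritising which clusters to update first and which grants to review.
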
Created mingw-postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2207576]

Created postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2207575]

Created postgresql:10/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2207577]

Created postgresql:11/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2207578]

Created postgresql:12/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2207579]

Created postgresql:13/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2207581]

Created postgresql:14/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2207583]

Created postgresql:15/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2207585]

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9
Via RHSA-2023:3714 https://access.redhat.com/errata/RHSA-2023:3714

This issue has been addressed in the following products:
  Red Hat Software Collections for Red Hat Enterprise Linux 7
Via RHSA-2023:4313 https://access.redhat.com/errata/RHSA-2023:4313

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9
Via RHSA-2023:4327 https://access.redhat.com/errata/RHSA-2023:4327

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2023:4527 https://access.redhat.com/errata/RHSA-2023:4527

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2023:4535 https://access.redhat.com/errata/RHSA-2023:4535

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2023:4539 https://access.redhat.com/errata/RHSA-2023:4539

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2023:5269 https://access.redhat.com/errata/RHSA-2023:5269

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9.0 Extended Update Support
Via RHSA-2023:7545 https://access.redhat.com/errata/RHSA-2023:7545

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.6 Extended Update Support
Via RHSA-2023:7580 https://access.redhat.com/errata/RHSA-2023:7580

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Via RHSA-2023:7667 https://access.redhat.com/errata/RHSA-2023:7667

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.6 Extended Update Support
Via RHSA-2023:7666 https://access.redhat.com/errata/RHSA-2023:7666

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Via RHSA-2023:7694 https://access.redhat.com/errata/RHSA-2023:7694

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Via RHSA-2023:7695 https://access.redhat.com/errata/RHSA-2023:7695

This issue has been addressed in the following products:
  Red Hat Software Collections for Red Hat Enterprise Linux 7
Via RHSA-2023:7772 https://access.redhat.com/errata/RHSA-2023:7772