DSA-5623-1 postgresql-15 -- postgresql-15ID: oval:org.secpod.oval:def:98518 | Date: (C)2024-03-19 (M)2024-03-25 |
Class: PATCH | Family: unix |
It was discovered that a late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY command could allow an attacker to trick a user with higher privileges to run SQL commands with these permissions.
Product: |
postgresql-server-dev-15 |
libpq-dev |
libecpg6 |
libpq5 |
libpgtypes3 |
postgresql-plpython3-15 |
libecpg-dev |
postgresql-15 |
postgresql-plperl-15 |
postgresql-pltcl-15 |
postgresql-client-15 |
libecpg-compat3 |
postgresql-doc-15 |