postgresql:12 security update

エラータID: AXSA:2022-3939:01

Release date: 
Thursday, October 27, 2022 - 00:15
Subject: 
postgresql:12 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: Extension scripts replace objects not belonging to the extension. (CVE-2022-2625)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-2625
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.

Modularity name: postgresql
Stream name: 12

Solution: 

Update packages.

CVEs: 
CVE-2022-2625
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.
Additional Info: 

N/A

Download: 

SRPMS
  1. pgaudit-1.4.0-5.module+el8+1536+a61fe1ae.src.rpm
    MD5: fd4a14376ddb9677b3941e2a2450d900
    SHA-256: 822938350add018cc66c45f35bc61014ea96845f8e2352ff6625905bc0405be8
    Size: 42.07 kB
  2. pg_repack-1.4.6-3.module+el8+1536+a61fe1ae.src.rpm
    MD5: 88e9bfa28b5f79f8004fcfc0da2f6fb4
    SHA-256: 86c9c3b454d355533d40f7d8145873c10d26330e0d7da10754c87c0d23b7901d
    Size: 100.99 kB
  3. postgres-decoderbufs-0.10.0-2.module+el8+1536+a61fe1ae.src.rpm
    MD5: 7ab151fcd00825c850eee46323df97a1
    SHA-256: e6c80b16bacc3e96e11e7516141542978269cf7c7f55f31c9609735f51598311
    Size: 21.13 kB
  4. postgresql-12.12-1.module+el8+1536+a61fe1ae.ML.1.src.rpm
    MD5: d116425a48b92e53213868030e85ba00
    SHA-256: e02d268409630057a16304ed376f822a55fa8fbefc047d931432fc0117c9ce66
    Size: 46.31 MB

Asianux Server 8 for x86_64
  1. pgaudit-1.4.0-5.module+el8+1536+a61fe1ae.x86_64.rpm
    MD5: 77c15fd7592a9da3f10135cb1a9e164d
    SHA-256: 99d377fd0ec45048ea26729f4f08a1c443abb69ae2e57797676c244766435b2d
    Size: 26.88 kB
  2. pgaudit-debugsource-1.4.0-5.module+el8+1536+a61fe1ae.x86_64.rpm
    MD5: 953d38a426686a52333601639da5a89f
    SHA-256: deaf5c645e06f16631d44a22f750be15680795e5d9cfbb028d96fd79299dd05b
    Size: 22.80 kB
  3. pg_repack-1.4.6-3.module+el8+1536+a61fe1ae.x86_64.rpm
    MD5: 84fc29750fdab986b10cc98c1a77b7be
    SHA-256: 1c54bf4e156b0131a479dccf2c8452480f473382aad04f6073b33b3cf4c23149
    Size: 89.14 kB
  4. pg_repack-debugsource-1.4.6-3.module+el8+1536+a61fe1ae.x86_64.rpm
    MD5: 73685c2ff5a977ff653390685bbde1bd
    SHA-256: 549e891ad7c67edd58edb3beaa4c1d129f594903ab6391d8fd9c41d7727e164c
    Size: 49.69 kB
  5. postgres-decoderbufs-0.10.0-2.module+el8+1536+a61fe1ae.x86_64.rpm
    MD5: aeeefc1268e4532778c861819df16051
    SHA-256: bfa09aad34145ecd64d3ea27cd11b75cf4dba5e0b3e59416f7e49a91fe781aec
    Size: 21.83 kB
  6. postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1536+a61fe1ae.x86_64.rpm
    MD5: 2df94237a0cc88cb5a1dd886a5631e51
    SHA-256: 772fc4b033939f505a6846f07dc49a549a0895fd7ac196e801947608f648a9f5
    Size: 16.81 kB
  7. postgresql-12.12-1.module+el8+1536+a61fe1ae.ML.1.x86_64.rpm
    MD5: 7f945c2e23e3eec9cfeb41a706c9c8cb
    SHA-256: 778a43b5e3df823013188443d9f6aead55feaf6fb45a3620aed0b23a3f3e2a19
    Size: 1.49 MB
  8. postgresql-contrib-12.12-1.module+el8+1536+a61fe1ae.ML.1.x86_64.rpm
    MD5: 0b60c1ad0c450af304fa15492a3b359b
    SHA-256: 2346db5b3ae63e68053f16e81089e353f45b7ffca6fd85a40f844b4980da44d2
    Size: 869.51 kB
  9. postgresql-debugsource-12.12-1.module+el8+1536+a61fe1ae.ML.1.x86_64.rpm
    MD5: 385ef70df6b61f486bac974c7a25273f
    SHA-256: 7c68b5566aa235d0e969eb9fb0245d9728b006edcd2ca55747422fbbd3396070
    Size: 16.92 MB
  10. postgresql-docs-12.12-1.module+el8+1536+a61fe1ae.ML.1.x86_64.rpm
    MD5: 98a1adf217cc76615b41256500263146
    SHA-256: ecaf54cc92fbd3e7838bd7ad80d635167e7b152ea20056626852af25dbf1c445
    Size: 9.67 MB
  11. postgresql-plperl-12.12-1.module+el8+1536+a61fe1ae.ML.1.x86_64.rpm
    MD5: 7a9c159750804449df5a92c97c52a3dc
    SHA-256: 0c3342af6dbda4fa52c9e6b4199f0dc18ea1adc95947cedd3454304632169c2f
    Size: 109.28 kB
  12. postgresql-plpython3-12.12-1.module+el8+1536+a61fe1ae.ML.1.x86_64.rpm
    MD5: b9f054e4aad4dbc25d451aded252949d
    SHA-256: fe767af654edec48c36a579edae097c45e7fbe8da651540c91f6cf93982991d5
    Size: 128.97 kB
  13. postgresql-pltcl-12.12-1.module+el8+1536+a61fe1ae.ML.1.x86_64.rpm
    MD5: e0765184bd1094f7f0ff7dcfe1d65b21
    SHA-256: 0bb7d066467983ba6c6c8e30c175a4be127b06360a80eedd326879ae519e4e3b
    Size: 84.87 kB
  14. postgresql-server-12.12-1.module+el8+1536+a61fe1ae.ML.1.x86_64.rpm
    MD5: c4bf959ee778fe38ab1f09b6e7338328
    SHA-256: 92e974705280753e8273ce7f7e7b0abaa0a2b527db260f865785c54a63e5c4f1
    Size: 5.57 MB
  15. postgresql-server-devel-12.12-1.module+el8+1536+a61fe1ae.ML.1.x86_64.rpm
    MD5: 67228c1b7cc4972e0e8e852e3f868a6b
    SHA-256: 5f3f4047da12ca6e44536c4be4217ca07465a5bbfaca61e03cc3329cc6783029
    Size: 1.22 MB
  16. postgresql-static-12.12-1.module+el8+1536+a61fe1ae.ML.1.x86_64.rpm
    MD5: 054457ac12a7a07026a0cee61fb29116
    SHA-256: f6fbc5e00691a4a0dd71a0de7699bcb9bbf4684df6538f469b488433a43362bc
    Size: 167.11 kB
  17. postgresql-test-12.12-1.module+el8+1536+a61fe1ae.ML.1.x86_64.rpm
    MD5: ace00ee8f33d4856ef5fb5cf32b5ecde
    SHA-256: 557f514c6c61f4f88d15be9236752889a6504a001165388f920633c3a277f4f1
    Size: 1.93 MB
  18. postgresql-test-rpm-macros-12.12-1.module+el8+1536+a61fe1ae.ML.1.noarch.rpm
    MD5: 5a129476038b9963c1331c1511dfee84
    SHA-256: 0dadae914e525888fb1a56d5900e28a2a79c30267c09b740adce19384c4f991a
    Size: 52.74 kB
  19. postgresql-upgrade-12.12-1.module+el8+1536+a61fe1ae.ML.1.x86_64.rpm
    MD5: 47deb6e7685881954b18375832901fd3
    SHA-256: 80d8805d7d71ff91218657089999394ac3397f8f9459306b6d79b9711cfe30ab
    Size: 4.07 MB
  20. postgresql-upgrade-devel-12.12-1.module+el8+1536+a61fe1ae.ML.1.x86_64.rpm
    MD5: 7dcc442beb59741f78d31c5a258366f9
    SHA-256: 689a6cdf3b471090d950c06b2a2a251ea9465943422acf7080cde00bf7edba8c
    Size: 1.13 MB