postgresql-13.10-1.el9
Errata ID: AXSA:2023-5280:02
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
* postgresql: Extension scripts replace objects not belonging to the extension. (CVE-2022-2625)
* postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2022-2625
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.
CVE-2022-41862
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
Update packages.
SRPMS
- postgresql-13.10-1.el9.src.rpm
MD5: 8437f2280eefc073cd8482b95e883382
SHA-256: fd1e4c9a11980a1fb3906b011930a3d6fab33ba203426755e1bb123594ab2af1
Size: 48.25 MB
Asianux Server 9 for x86_64
- postgresql-13.10-1.el9.x86_64.rpm
MD5: 9a5aeca8945e55dea3ccb0244f012385
SHA-256: 9cd88cb384119269ddb060e9945700d7b1b7536a632f5004225bd3f23699964c
Size: 1.52 MB
- postgresql-contrib-13.10-1.el9.x86_64.rpm
MD5: db1eec8d941f6e58637b35710aef5669
SHA-256: 6a7732d87dae2363eb5b2708a4dbca6bac3ff95fe8646908c4500ad43cebb6e4
Size: 810.10 kB
- postgresql-plperl-13.10-1.el9.x86_64.rpm
MD5: 9929885225be2c0880c98db8ff48972b
SHA-256: 5e4b6abb34bcfb5e516db6bdd303f015d83734b511ea82cbb373ff98472c6261
Size: 69.18 kB
- postgresql-plpython3-13.10-1.el9.x86_64.rpm
MD5: 098a6d33428b29c0015312ad6005d29c
SHA-256: df021124a5899b0f545720399503586bcb98fd589460c75b1b61b09d9417a972
Size: 90.09 kB
- postgresql-pltcl-13.10-1.el9.x86_64.rpm
MD5: 965f37f5e44b97c269422de3ea9946ff
SHA-256: d3baa8ba8484c6fe4f658f05bb3a0eebd2b57aaa0ed87bee262f2e965c42ad33
Size: 44.56 kB
- postgresql-private-devel-13.10-1.el9.x86_64.rpm
MD5: aa29c9bd69732ceb401acad58970d7c1
SHA-256: f65d85dc4a279fdedcd6229a4d0418a5ed24a5b94d7760ad88e4b43cd541b6f2
Size: 59.67 kB
- postgresql-private-libs-13.10-1.el9.x86_64.rpm
MD5: d158eb7e6d27ed97a7f84c7da838089f
SHA-256: 432f946729e3f91ac7b23d34f692476b810407c003efcc117b3ca82894375a9f
Size: 133.99 kB
- postgresql-server-13.10-1.el9.x86_64.rpm
MD5: 0edf9dbbfccaadc8a3eb7aced8f0cea8
SHA-256: 86047cae3c2c1c57af419d4b41df56035bcb4d3928d878d4dc5d18e424e18982
Size: 5.73 MB
- postgresql-server-devel-13.10-1.el9.x86_64.rpm
MD5: 9c0d7fb98ffb570fe6a793bafe699cf2
SHA-256: 3942ce76f246a6aa35a536868f09383ad60d500af809e17adde43302b67f14ea
Size: 1.11 MB
- postgresql-test-13.10-1.el9.x86_64.rpm
MD5: 076ecee25a38d8b3ca1ca55fa82991ef
SHA-256: b6426986d56e4ffd51d418520253492caec5de22657dbfd899e93e063a2120e8
Size: 1.41 MB
- postgresql-upgrade-13.10-1.el9.x86_64.rpm
MD5: eb480f72d38b87650a43f588b0713bf0
SHA-256: 1ef4f2ccb7a6352bed1894f2aa5e95841f7bbf2c9ebff55c98443ded04158de7
Size: 4.56 MB