postgresql:15 security update

Errata ID: AXSA:2024-7391:01

Release date: Monday, January 15, 2024 - 10:52
Subject: postgresql:15 security update
Affected Channels: Asianux Server 8 for x86_64
Severity: High
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)
* postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)
* postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)
* postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)
* postgresql: MERGE fails to enforce UPDATE or SELECT row security policies (CVE-2023-39418)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-39417
A SQL injection vulnerability was found in PostgreSQL extension scripts that use @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
CVE-2023-39418
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
CVE-2023-5868
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
CVE-2023-5869
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
CVE-2023-5870
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
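
For CVE-2023-39417, the pattern to audit in installed non-bundled extension scripts is a substitution token placed inside a quoting construct. The following is an added example, not part of the advisory or of PostgreSQL: a small scanner that flags such tokens for review. The function names and the sample script are constructed for illustration, and the lexer is deliberately simplified.

```python
import re

# Substitution tokens named in the advisory (CVE-2023-39417).
PLACEHOLDER = re.compile(r"@extowner@|@extschema(?::[^@\s]*)?@")
DOLLAR_TAG = re.compile(r"\$(?:[A-Za-z_][A-Za-z_0-9]*)?\$")

def quoted_spans(sql):
    """Yield (kind, start, end) for each quoted region of an SQL script.
    Simplified lexer: E'' backslash escapes and nested comments are ignored."""
    i, n = 0, len(sql)
    while i < n:
        if sql.startswith("--", i):                # line comment
            j = sql.find("\n", i)
            i = n if j < 0 else j + 1
        elif sql.startswith("/*", i):              # block comment
            j = sql.find("*/", i + 2)
            i = n if j < 0 else j + 2
        elif sql[i] in "'\"":                      # string or quoted identifier
            q, j = sql[i], i + 1
            while j < n and (sql[j] != q or sql.startswith(q, j + 1)):
                j += 2 if sql[j] == q else 1       # doubled quote is an escape
            yield ("single" if q == "'" else "double", i, min(j + 1, n))
            i = j + 1
        elif (m := DOLLAR_TAG.match(sql, i)):      # $$ ... $$ or $tag$ ... $tag$
            j = sql.find(m.group(), m.end())
            end = n if j < 0 else j + len(m.group())
            yield ("dollar", i, end)
            i = end
        else:
            i += 1

def find_quoted_placeholders(sql):
    """Return (line_no, quote_kind, token) for every token found inside quotes."""
    hits = []
    for kind, start, end in quoted_spans(sql):
        for m in PLACEHOLDER.finditer(sql, start, end):
            hits.append((sql.count("\n", 0, m.start()) + 1, kind, m.group()))
    return hits

# Constructed sample script, not taken from any real extension.
SAMPLE = """-- constructed extension script
CREATE FUNCTION @extschema@.f() RETURNS int LANGUAGE sql AS 'SELECT 1';
CREATE FUNCTION @extschema@.g() RETURNS void LANGUAGE plpgsql AS $body$
BEGIN
  EXECUTE 'SET search_path = @extschema@';
END $body$;
COMMENT ON SCHEMA "@extschema@" IS 'owned by @extowner@';
"""
```

Unquoted uses such as `@extschema@.f()` are not reported; each reported line is a candidate for manual review of the extension script.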

Modularity name: "postgresql"
Stream name: "15"

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. pgaudit-1.7.0-1.module+el8+1711+b42a2df7.src.rpm
    MD5: 00219537344a502fee63372a455e5b0f
    SHA-256: 068f3e52f4e213d3a63c9776307ea1f8173d09d0c78b0e240bf99de3a1f3d040
    Size: 52.57 kB
  2. pg_repack-1.4.8-1.module+el8+1711+b42a2df7.src.rpm
    MD5: 75947fa7a0498d0de039f341bb563d55
    SHA-256: 07a11833497ae62abcd11943aed3cbe27752aa950048dc89f8f4607f679ed3e0
    Size: 102.55 kB
  3. postgres-decoderbufs-1.9.7-1.Final.module+el8+1711+b42a2df7.src.rpm
    MD5: ddcb5df0b6622cb6c6c16c1a3730ca98
    SHA-256: 14aad41843fa866fa64cc6493d79d7bb51defdb3fa86f60133f973053650b9b2
    Size: 23.30 kB
  4. postgresql-15.5-1.module+el8+1711+b42a2df7.src.rpm
    MD5: e56023c794571e23e1a976d3e45a0402
    SHA-256: 765ad705c85edf7dc004d2db40d75f7e76bcf7cf9030ddc068a80a688e3cd92e
    Size: 50.41 MB

Asianux Server 8 for x86_64
  1. pgaudit-1.7.0-1.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: 5bdd8cbfdfe0d223e626e9303b3ccb38
    SHA-256: 895a484724d4951bf39b3a798e58aeff3168b77a2f1b5667055357d4aed33352
    Size: 28.33 kB
  2. pgaudit-debugsource-1.7.0-1.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: 072cd1882376873dc997b6c6c92befa6
    SHA-256: 1f197776a394abe4f7eba1ec09c8143d413703984642d463393a906931e9577d
    Size: 24.12 kB
  3. pg_repack-1.4.8-1.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: 70a32d3dd586e423db3e9285e5e992b4
    SHA-256: 2ee5f9622eeee9ee49630382145293f270a7902816ec9c282ee704a83fd3c09a
    Size: 94.12 kB
  4. pg_repack-debugsource-1.4.8-1.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: a0d841b6ab302a74b91a8a4edfdb41ca
    SHA-256: 969a004364f7fa905caf0ff2926865679aa9e7ec9dffa2957d905b9bd908aaf1
    Size: 50.55 kB
  5. postgres-decoderbufs-1.9.7-1.Final.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: 85280e4b913c92872d95fc95d891022d
    SHA-256: 383a9c1d751dc37872c80d3f980158c811d6ad41ea6a956119589856d849bb64
    Size: 23.82 kB
  6. postgres-decoderbufs-debugsource-1.9.7-1.Final.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: d927b09b130c52d96391d5489426ea64
    SHA-256: 4cdd6b7f2f66c5d0fd1c65f18048c20c63480c2c27a238b61525cb903f7a005e
    Size: 18.27 kB
  7. postgresql-15.5-1.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: 17bc6c4ebad485c1241b4bc65155a19e
    SHA-256: 14e3006a67a7b277991b8572f959091243f744702ccb9a89695d95d84060edab
    Size: 1.69 MB
  8. postgresql-contrib-15.5-1.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: a97955a1cc3dbabf358c2e7f58b91ebb
    SHA-256: 119b4464658a90edf1289f1f83bb92b3a1f1f2f94db76d366c841693c24f7007
    Size: 958.84 kB
  9. postgresql-debugsource-15.5-1.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: a10f19d037f6ccce8fa0b1725baf5e14
    SHA-256: 206153fcccf4171504038dc60f311e2e681fd7d507de0e08c26b2e357a3b81bb
    Size: 18.81 MB
  10. postgresql-docs-15.5-1.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: 704f19c347b656a7502a6e4ba9fd761f
    SHA-256: d88a70230adfb01447cc7384f8a5568a949357c9317239ab5f8a29d87e22e1b1
    Size: 10.14 MB
  11. postgresql-plperl-15.5-1.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: 53075f781485a2f75765cb5a3ad8acb0
    SHA-256: 6f133c64cd76a61a47d8540cf1b380378c40233453c7d8daa66683d7d710f47d
    Size: 72.14 kB
  12. postgresql-plpython3-15.5-1.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: 47bee0f919ae3d52a7fc435c58fc460f
    SHA-256: b7dd3daf29b4d1fd64206370057c3f6b7ee87ea980900fc5aeb405ea973ab381
    Size: 91.75 kB
  13. postgresql-pltcl-15.5-1.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: f76beac3572eb3cb8df1a13a6c5e0b28
    SHA-256: 22f8de3321ebfb75452a79d08dc7212f90f3b93f3e6e59aea42513659f4d348e
    Size: 44.44 kB
  14. postgresql-private-devel-15.5-1.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: 1620646de87936e9dd4107a2f9e67ad8
    SHA-256: e806ac6ec4d2694731ec3485a6b7f3e93a075aad2b6b85b19fa3e6e142c31053
    Size: 63.54 kB
  15. postgresql-private-libs-15.5-1.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: f624f184d6726928ec7424742a1a36ce
    SHA-256: 9fc2cd68756ffd61b998a26f8a20e3e34d87b9d5e1f01253c8c65ae15b47f9f3
    Size: 131.44 kB
  16. postgresql-server-15.5-1.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: 9727fda85f338ea531ddab038d94a1a4
    SHA-256: c4a2ed0f479dc6bbadc1522ff36f289cd29fd92b2f8745a349a0dc95f6e64ff5
    Size: 6.13 MB
  17. postgresql-server-devel-15.5-1.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: e50365ad5f4fe5cd342f3f94f46e068b
    SHA-256: 34ba0fc497efbf83f0bd7cd14bff696f3f3fb87b7ad469787f9661b7057fde51
    Size: 1.36 MB
  18. postgresql-static-15.5-1.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: 50d4f2fe4de1b625e39840a833f9c30d
    SHA-256: e07fc0af9dfca1f09581843ee4795fd04213bbff68b21207c2f11768a8a6aeea
    Size: 152.35 kB
  19. postgresql-test-15.5-1.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: ca9f5792c254b111d3d0e9faa9642561
    SHA-256: 03a0edcb8750350b5d0bcba9abd4f68baf946d50f52ac9ac808305379824f364
    Size: 2.14 MB
  20. postgresql-test-rpm-macros-15.5-1.module+el8+1711+b42a2df7.noarch.rpm
    MD5: 82560df57bdf47f6b38ad05ca1a41364
    SHA-256: b6d185318433cddcb2ad60a9735cc03b7dd43b634ebf915a2a7c16d7280b6e87
    Size: 9.39 kB
  21. postgresql-upgrade-15.5-1.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: adb4d04f8a6d7d3c8d3fd0c238b2ca3d
    SHA-256: 8403b2efba20963ce96cd874c86c520144c3cc882721c3a98b036a1d1e401dfa
    Size: 4.48 MB
  22. postgresql-upgrade-devel-15.5-1.module+el8+1711+b42a2df7.x86_64.rpm
    MD5: 69dd18ce7a1ee4d4e866fe56ba2fce8f
    SHA-256: bd6499de9c693bfb7f7104df400f81d938b4bf98c0167b4a32261e24e5c83b8f
    Size: 1.17 MB