postgresql:13 security update

エラータID: AXSA:2024-8738:01

Release date: 
Friday, August 30, 2024 - 18:02
Subject: 
postgresql:13 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (CVE-2024-7348)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.

Modularity name: "postgresql"
Stream name: "13"

Solution: 

Update packages.

CVEs: 
CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
Additional Info: 

N/A

Download: 

SRPMS
  1. pgaudit-1.5.0-1.module+el8+1801+7e07b1dc.src.rpm
    MD5: 5c66ebbbcc1073a7c3aa29f94fd72721
    SHA-256: 0ca307d5e9c61b4965a1ae90ab377d3f6d588b66b41412a4e3053548f33d0f95
    Size: 42.60 kB
  2. pg_repack-1.4.6-3.module+el8+1801+7e07b1dc.src.rpm
    MD5: bde680a874db03bf819cb68b70cbfdf3
    SHA-256: 6675e9d39ab480a8f1cdd712aa4dca18ac2d907dbd2cc0a9383e63e2f4eaffe4
    Size: 100.99 kB
  3. postgres-decoderbufs-0.10.0-2.module+el8+1801+7e07b1dc.src.rpm
    MD5: 3ba70a0bd97d483d0f44e103629a76cd
    SHA-256: c7f959f99736bd12e5421cf65f82e0160164892bc955b9879bc4f2320dc782b2
    Size: 21.13 kB
  4. postgresql-13.16-1.module+el8+1801+7e07b1dc.src.rpm
    MD5: 58029de16e9536932426cb93b34675a7
    SHA-256: b797bcc882cfbc9a07636f497a0c67b1c8756d1217e4a1164737263eb1e88096
    Size: 45.24 MB

Asianux Server 8 for x86_64
  1. pgaudit-1.5.0-1.module+el8+1801+7e07b1dc.x86_64.rpm
    MD5: f5e29d6c6d604d25082028e976193ac1
    SHA-256: ecf920622956a5a789e69731c04c9b995b04d412973530fb68a51545487a577c
    Size: 27.03 kB
  2. pgaudit-debugsource-1.5.0-1.module+el8+1801+7e07b1dc.x86_64.rpm
    MD5: b63bb0acd737d96c603ee8dbac4eb00d
    SHA-256: a3e440ff6f87b8eab222072fab64515710446ac46178c000689d0dba7c2fe113
    Size: 22.80 kB
  3. pg_repack-1.4.6-3.module+el8+1801+7e07b1dc.x86_64.rpm
    MD5: 482b066ecf35937a50d3a92eb2329b97
    SHA-256: cfff2dc8d3ca2ae66af684f093faabaff3e3e8bb1950f701038bb12193c451fd
    Size: 89.54 kB
  4. pg_repack-debugsource-1.4.6-3.module+el8+1801+7e07b1dc.x86_64.rpm
    MD5: 2bf7375d617169920465d69d4f553750
    SHA-256: d85fafc2007ac21d253cc30f9ce15f8d0129d275319e44ddc3e1b2f7cf0eb302
    Size: 49.69 kB
  5. postgres-decoderbufs-0.10.0-2.module+el8+1801+7e07b1dc.x86_64.rpm
    MD5: 5963069fca78f2dd68ea0bd9519027c0
    SHA-256: 0e9d7a0a94e21cf23a9e94077558c75fd4258d7356ef8cde020965e7e8da79c5
    Size: 21.90 kB
  6. postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1801+7e07b1dc.x86_64.rpm
    MD5: 281321cfb55478bf0866d1d2da3c01e7
    SHA-256: b4002d3a9734719efe8d9ce77ec243401c15ad2cd8aaee5ba15a3149ccb0be9c
    Size: 16.81 kB
  7. postgresql-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
    MD5: a5028f9f5ff73e659c6d3f6a69254c60
    SHA-256: 0d6847f618a624844d1cbfcb0b8bf3c7d22e0bfd45c9bc1875f17aa938841807
    Size: 1.53 MB
  8. postgresql-contrib-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
    MD5: aeb77b5ec9b653cb32e2ff10480b7edf
    SHA-256: e1eee37f7f27bfcc3269be0d9546c96113074498b368efa5184ff1e9894ee5aa
    Size: 882.20 kB
  9. postgresql-debugsource-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
    MD5: f3e5dc56378ac52b0f3790fba898bfb1
    SHA-256: 741341a3c5e923f28cbd9b41ae83c44f4582e03219c3786bc92937240e4ab5e4
    Size: 17.84 MB
  10. postgresql-docs-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
    MD5: b63f145eba42db451b168e48799a857c
    SHA-256: 6cf11466493b1015e5878c424113bce1ca80cb882b5afb0c9228df00aaa7a977
    Size: 6.56 MB
  11. postgresql-plperl-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
    MD5: 1a245cc16b0391c7b96d085909b24064
    SHA-256: 0c4a27f6cdc43327c1f47d7615c1c651548a77fa83c26789ee3a0fcc1aae42df
    Size: 112.41 kB
  12. postgresql-plpython3-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
    MD5: af3c07e31dc12601717f4f408c2df651
    SHA-256: 3be2f4f95d59ba6dc20635aac65dd3d7a7eb22012eadd3a3eebd54f7db2964ca
    Size: 129.04 kB
  13. postgresql-pltcl-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
    MD5: 7799f1607936dddcd0050317b348073a
    SHA-256: b07069e9c5ff71d79b07b5037ec762a36fe843aef76c32ae24dc097d9282cbe1
    Size: 85.62 kB
  14. postgresql-server-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
    MD5: ad830dffe53290cd555ab1ae858a797f
    SHA-256: 9b2ed4bd915eca60d7afc3d756128981f4081b1473b64b59d964c49e974b3118
    Size: 5.60 MB
  15. postgresql-server-devel-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
    MD5: 60025b86fd992b103e2d92706786e9b8
    SHA-256: 4b509fbcdf84047f46f10d97e0c02270834aa4794c31edb44348618fbeba4edb
    Size: 1.26 MB
  16. postgresql-static-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
    MD5: 1f1ceb5ecc2e916775297903221673a8
    SHA-256: 791949067f1d5a41b8d886a4a16417ed984db38a07ce184ba08876af27d1b5b3
    Size: 189.59 kB
  17. postgresql-test-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
    MD5: 307fbe0b562cfb28072c4285f4b06fe7
    SHA-256: c3d835cd5e9cff37b012c83c4880351642294ae0b3e7769ef17a2d48d50f9971
    Size: 2.03 MB
  18. postgresql-test-rpm-macros-13.16-1.module+el8+1801+7e07b1dc.noarch.rpm
    MD5: 54aecbb2f92b5f3c70be667bdffe1a06
    SHA-256: f28634cb770e679a83df9c80dec2690f6f7fa35dc66bf780cee6cef84b731bce
    Size: 52.87 kB
  19. postgresql-upgrade-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
    MD5: 626b9307309a573094d69e1161abad5e
    SHA-256: 41fa0b3c956074bf72a7b73a356c8354df98f591d372ffe76c23711e867334fc
    Size: 4.39 MB
  20. postgresql-upgrade-devel-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
    MD5: ebe0a251ebd7aea2b4461f7a4ff07802
    SHA-256: 2bcd2e6b7e76d8400068efc3ee66aa2a273d92d288fb57063b43f74bfd71110a
    Size: 1.17 MB