postgresql:12 security update
エラータID: AXSA:2024-8743:01
Release date:
Monday, September 2, 2024 - 17:44
Subject:
postgresql:12 security update
Affected Channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
* postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (CVE-2024-7348)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
Modularity name: "postgresql"
Stream name: "12"
Solution:
Update packages.
CVEs:
CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
Additional Info:
N/A
Download:
SRPMS
- pgaudit-1.4.0-7.module+el8+1800+cecf62f6.ML.1.src.rpm
MD5: 16088a409e0d043e9103ff1440d45962
SHA-256: 7a2f5911b4c2878937e6def2f4a81018a1ab258c25dd4f5a6d06770565a82b14
Size: 42.40 kB - pg_repack-1.4.6-3.module+el8+1800+cecf62f6.src.rpm
MD5: 355ccef327069dc1b41cf3c1e87a0859
SHA-256: fdc7f3aa86fc2b1b10706d6087943791917da04122682813b0a48eaf9eac35e8
Size: 100.99 kB - postgres-decoderbufs-0.10.0-2.module+el8+1800+cecf62f6.src.rpm
MD5: 9f0625864c0185cdb0fd093ac64bcb94
SHA-256: 88bffa48c771a3f5f297fc75ac8af59ae2b1b99291e7d864640e564a237efebf
Size: 21.13 kB - postgresql-12.20-1.module+el8+1800+cecf62f6.src.rpm
MD5: 03be77f20af88a4bfc02bc77360727c8
SHA-256: c0745ca9ee4cf4f01ee69b5a630e04685f3f6c711ae4a59ce3300bdfb9272ac9
Size: 46.64 MB
Asianux Server 8 for x86_64
- pgaudit-1.4.0-7.module+el8+1800+cecf62f6.ML.1.x86_64.rpm
MD5: db9939964c20c84272a917f0ae0a6dc1
SHA-256: 12ddf5f4504d06d9514415ae33c69f96e2ded90e7726dd6e16fc3e534425c3ec
Size: 27.10 kB - pgaudit-debugsource-1.4.0-7.module+el8+1800+cecf62f6.ML.1.x86_64.rpm
MD5: 1e6b4de6d06711ab15b4561a197d19c7
SHA-256: 7e184d318432c8971b7587e90f2efff30b801a202049481d91f1af546f194a9a
Size: 23.04 kB - pg_repack-1.4.6-3.module+el8+1800+cecf62f6.x86_64.rpm
MD5: 5eee2468c6221e7d19d642f0174efcb9
SHA-256: b384cda3d30ee80a0ac7d276075e020339e544d8cedc2545bbe365f665e69d77
Size: 89.19 kB - pg_repack-debugsource-1.4.6-3.module+el8+1800+cecf62f6.x86_64.rpm
MD5: 702c158895ae8946bb97306de6038feb
SHA-256: 855bad01b13275e00a07e0d156b70547c87ee3d3477db0df40efedfb47a7c429
Size: 49.69 kB - postgres-decoderbufs-0.10.0-2.module+el8+1800+cecf62f6.x86_64.rpm
MD5: ae21a8ded150ac5b76b464cb240639f4
SHA-256: f5e772269af9f3f727b9ca989f0270ca7808cf9b008d5da0f0f71211995887e7
Size: 21.83 kB - postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1800+cecf62f6.x86_64.rpm
MD5: 139cc530d6564cc6f577c96f31502b95
SHA-256: 9b524dc0c57946d8026c6ea825396214c79ee460989795f3419a7843951eaaca
Size: 16.81 kB - postgresql-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
MD5: 5b0b64fd2d8040a8564a0718c409f475
SHA-256: 5f974dc2cacbb8c4a68024cbedc0647aeb9517833e111bd81abcd609b0bd9000
Size: 1.50 MB - postgresql-contrib-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
MD5: 3c96b04b981015bd2c9c6276df63c700
SHA-256: 8813ccf997b8a657b8a71bcc54c2fa9a7f39b2d489d209d222685bb61ba91a5e
Size: 873.75 kB - postgresql-debugsource-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
MD5: 98e87f0c08742b3eb345bb300ea1f03e
SHA-256: a0f8573867822a9556a6da096310c614691e42b16b34e770da6d7fe58cffde12
Size: 16.97 MB - postgresql-docs-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
MD5: f33a1f2c4c1a534f4569a6c0f90dfa30
SHA-256: 04ca44987c82be9a1eb739a4c695b5065ea252ff473cacf0417a578bdfcc710f
Size: 9.81 MB - postgresql-plperl-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
MD5: 78ef607184eedbc415bb9625e553d857
SHA-256: 18a89b7b0208456abbb51b8770005b52956ee5c847ed756fa2bc79e8ddf9aa00
Size: 109.62 kB - postgresql-plpython3-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
MD5: 54bf36590ed608862e2e82d1105eeea7
SHA-256: c050031679e419b5ab0b42ce528ee1567e713ee4002348529e37b2207b06d5b9
Size: 129.85 kB - postgresql-pltcl-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
MD5: fc0d9182d029205dec4da0f8afc4ec06
SHA-256: 36b204ada0926e50306372f356ed86f303653cf55ef503df6033f66654d7fc98
Size: 85.25 kB - postgresql-server-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
MD5: ee3dd705abd91b21910af73a82428873
SHA-256: 4d20992373b6ac83d8ed30daba2f56676145906b6daa5024f6855763991c6932
Size: 5.53 MB - postgresql-server-devel-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
MD5: aa3ffd3bec802bb14da9549d4e60f13e
SHA-256: e3ad3d9aaf03d55655d9365b240837e2b3c0a9d362bb2be435945c14495132aa
Size: 1.22 MB - postgresql-static-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
MD5: 2353489ea3c7163b578a386b501dedd5
SHA-256: 2babc67fa7d89a60877b088c7db8a80e8823c014d13c4780c065ca0b6e8b4ff3
Size: 167.27 kB - postgresql-test-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
MD5: 6f1b9641b775a37e0b0a5bcb2be68f16
SHA-256: 323a6e4627b578a34be2e081225a557fd97239da059bc62d324172ac5890ca7f
Size: 1.95 MB - postgresql-test-rpm-macros-12.20-1.module+el8+1800+cecf62f6.noarch.rpm
MD5: b044d5d4550680a556d4d92114e5c430
SHA-256: 7cb8f85d0c19af8dd8f6b23dab03ca519a30015420f87e2105eeeb90bfc4ab29
Size: 53.01 kB - postgresql-upgrade-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
MD5: bc27fedc474ec5124b39913d1985534d
SHA-256: c9b7901d3667fd738c0902198bf78eacd6b2810a1d66c30fa933d235670f7f77
Size: 4.07 MB - postgresql-upgrade-devel-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
MD5: 430a608a46f186c13c2539c94b8478bd
SHA-256: dbf3cc5cf85bcefd2556c0877754dc296a4fbc0c40fc52d388d27cf8fb552981
Size: 1.13 MB
日本語