postgresql:10 security update
エラータID: AXSA:2022-3788:01
リリース日:
2022/09/02 Friday - 06:24
題名:
postgresql:10 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- PostgreSQL の Autovacuum 機能、REINDEX・CREATE INDEX・
REFRESH MATERIALIZED VIEW・CLUSTER の各 SQL 文、
および pg_amcheck コマンドには、オブジェクト保護機能に
問題があるため、少なくとも一つ以上のオブジェクトに書き込み
権限を持つ攻撃者により、 任意の SQL 文の実行を可能とする
脆弱性が存在します。(CVE-2022-1552)
Modularity name: postgresql
Stream name: 10
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-1552
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.
追加情報:
N/A
ダウンロード:
SRPMS
- postgresql-10.21-2.module+el8+1511+65c91465.src.rpm
MD5: 2e34adc7bfc64e90e81e162e3e14d005
SHA-256: 13c410491eeedfe21d3eb965152d04008008b9035abfc333bf1fb708e8fd5a4c
Size: 41.34 MB
Asianux Server 8 for x86_64
- postgresql-10.21-2.module+el8+1511+65c91465.x86_64.rpm
MD5: 4b42f6144c774320ed3234aea401d156
SHA-256: 59ff3494d805460bfffccc753d561a9f89109a2f58678b67e4881f358c615a34
Size: 1.50 MB - postgresql-contrib-10.21-2.module+el8+1511+65c91465.x86_64.rpm
MD5: 78b318146f7a1e6bbc025e41fd13338e
SHA-256: 1a86ce876ce6f055063c1cb016f5f22b69838fbbb6b13cdca0c342870886cb1c
Size: 806.54 kB - postgresql-debugsource-10.21-2.module+el8+1511+65c91465.x86_64.rpm
MD5: cae915ecd690753f59c6943f085704cd
SHA-256: e919a1fe76376e725c5753845af1a7c7e1762041c89d0edfb38008881ddb906d
Size: 14.58 MB - postgresql-docs-10.21-2.module+el8+1511+65c91465.x86_64.rpm
MD5: 53366c1e8f65a67dcddd4d93a7368f8a
SHA-256: d8cfc34c1a0fa416e3b0c56b9f6c2e3f4e860ac3cf6c068096165d4513d37074
Size: 9.18 MB - postgresql-plperl-10.21-2.module+el8+1511+65c91465.x86_64.rpm
MD5: 118a58399e50b785b13bd21ab2c49ad3
SHA-256: 9386934180e93d9e1e7075399bbef08bb77ee53a4c2622d6bb535029bb134fb0
Size: 101.42 kB - postgresql-plpython3-10.21-2.module+el8+1511+65c91465.x86_64.rpm
MD5: f56546f5fd558c2df163c4d3adcd060e
SHA-256: aa8bcf8ff8d3b0bc469be343e70df304cf66ac40db88385b7ef6e04e4b8ed6f0
Size: 121.13 kB - postgresql-pltcl-10.21-2.module+el8+1511+65c91465.x86_64.rpm
MD5: e06584b74786436cf354d0d19b34d7ea
SHA-256: 72b7f3c5d576a8339cf2ebec01006a0eb45cbe02a0dac535eb6acecb2344f863
Size: 77.53 kB - postgresql-server-10.21-2.module+el8+1511+65c91465.x86_64.rpm
MD5: bb59234e3b230a627a07d1abcaa6a068
SHA-256: 788877a553c7cc979aa1b24770d129f40f64d5670aac43380f502eb44729697a
Size: 5.06 MB - postgresql-server-devel-10.21-2.module+el8+1511+65c91465.x86_64.rpm
MD5: 439d1e78f147d7256b7574740c435937
SHA-256: 06f83b31c197bd8cf3f89d06d3ebf4cbc25d999afb2b917ecf9c9282df0d0059
Size: 1.16 MB - postgresql-static-10.21-2.module+el8+1511+65c91465.x86_64.rpm
MD5: f7344b4f9017a25181b4319f13141679
SHA-256: 49ae8e7785eb4aa327ac2e0a08c45f5a47cf4df5ad72080efd6f15ece2e4bf49
Size: 126.31 kB - postgresql-test-10.21-2.module+el8+1511+65c91465.x86_64.rpm
MD5: ca285b116bb39c67f9ce567c96d7f470
SHA-256: b050f02e9d342565a1504c6431d9489a304e84263b12ffd2a3975cbbe1343ef3
Size: 1.68 MB - postgresql-test-rpm-macros-10.21-2.module+el8+1511+65c91465.x86_64.rpm
MD5: bfb9df26252e8a8c12fcf07f41b80c52
SHA-256: 925b16ad490148246ebd04d5aa6d2142125ce22a433d21999c6c375dbd9db52e
Size: 48.75 kB - postgresql-upgrade-10.21-2.module+el8+1511+65c91465.x86_64.rpm
MD5: 4e0ee466b8a85af3c44f97685e91790d
SHA-256: 1519684c43e3f7220a42eee87745565a1f616d32dc516dd7c2a43b440dd5d11a
Size: 3.34 MB - postgresql-upgrade-devel-10.21-2.module+el8+1511+65c91465.x86_64.rpm
MD5: 91f0da0b681f9bd7fb65d1c98aa11f5a
SHA-256: 52b7f23363476ec5f7a57d67a046f42730e1323864cbd0e11bcc2f8d2d5dcb0b
Size: 760.13 kB