postgresql:10 security update
エラータID: AXSA:2023-6326:01
リリース日:
2023/08/10 Thursday - 10:38
題名:
postgresql:10 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- PostgreSQL には、schema_element として設定した SQL 文によって
search_path の変更の保護を無効化できてしまう問題があるため、データ
ベースの管理権限を持つ認証されたリモートの攻撃者により、細工された
データベースを介して、任意のコードの実行を可能とする脆弱性が存在
します。(CVE-2023-2454)
- PostgreSQL には、特定の状況下で誤ったセキュリティポリシーが
適用されてしまう問題があるため、リモートの攻撃者により、不正な更新
や読み取りを可能とする脆弱性が存在します。(CVE-2023-2455)
Modularity name: postgresql
Stream name: 10
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-2454
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
追加情報:
N/A
ダウンロード:
SRPMS
- postgresql-10.23-2.module+el8+1653+a9e9b317.src.rpm
MD5: ecf3aff99314c4243952b7d106286346
SHA-256: 11dc2d5de8d07437dabce859881e7ba7e361c554fcc12c69d4aa4c222eaa1715
Size: 34.21 MB
Asianux Server 8 for x86_64
- postgresql-10.23-2.module+el8+1653+a9e9b317.x86_64.rpm
MD5: aca6671b434af39cd037501fd39c69b0
SHA-256: e4f11bba1ed20f9f08341e84ef878944456300643257208d21beed126f4ba0ff
Size: 1.50 MB - postgresql-contrib-10.23-2.module+el8+1653+a9e9b317.x86_64.rpm
MD5: cd4f8e79d961d0e1176dd04cff8a7b22
SHA-256: 7e14599ea35b3823fa65f43606e02bd6b630dc16a939ae315a4e0f875c0b4f95
Size: 810.04 kB - postgresql-debugsource-10.23-2.module+el8+1653+a9e9b317.x86_64.rpm
MD5: 4433e597db91de38619d27b42669796b
SHA-256: e27103086b710566e37d63e78280e84d99b91e5b1764c03ba6481c62fde21dd7
Size: 14.59 MB - postgresql-docs-10.23-2.module+el8+1653+a9e9b317.x86_64.rpm
MD5: fe4c10431171ba3a1e116455e78eb482
SHA-256: f0e97659a5c85d76903a2bfca2fd0bfa1deed0f2b019117814cf640d36381fff
Size: 2.23 MB - postgresql-plperl-10.23-2.module+el8+1653+a9e9b317.x86_64.rpm
MD5: bb6b937443c5a373f5b76748398419dc
SHA-256: d989a0450ee9a6721352733af256e3731f47062ea6088eeac408e57c1b16038a
Size: 101.63 kB - postgresql-plpython3-10.23-2.module+el8+1653+a9e9b317.x86_64.rpm
MD5: 286cb2977c702e6357fe6a29ff89e8d4
SHA-256: d2426bbfb6a2968d7fb5e7d1f9f3b106d17044fc53e56971e4d6b98e70387e13
Size: 121.43 kB - postgresql-pltcl-10.23-2.module+el8+1653+a9e9b317.x86_64.rpm
MD5: 4a8b3632fbedad118e11521850d8b361
SHA-256: 30429443f1563580270446027c03704167c78665e6099a4ff96b068aabbe7240
Size: 77.63 kB - postgresql-server-10.23-2.module+el8+1653+a9e9b317.x86_64.rpm
MD5: 03a7f2564f3a10eb5f38a7f8017be80b
SHA-256: f4f936f5fb2e910f9d72ebe71ef9d4b57cfeacbc46eced872d18952bc4ceaafa
Size: 5.05 MB - postgresql-server-devel-10.23-2.module+el8+1653+a9e9b317.x86_64.rpm
MD5: 62f8d1946d663a066f8b845cad86f178
SHA-256: 25595f1d90f23419a6ea5919e873683b2165a26f038f160308ae9942416f3872
Size: 1.16 MB - postgresql-static-10.23-2.module+el8+1653+a9e9b317.x86_64.rpm
MD5: 91f01f4b129e338982e0a0e3e7590de4
SHA-256: 339b173be85e09d991decaf2af9c47deb04d1799e565c8ff99c6fe92b80a02d4
Size: 126.44 kB - postgresql-test-10.23-2.module+el8+1653+a9e9b317.x86_64.rpm
MD5: 1ba14cb3e05d0698e117653b85de2439
SHA-256: 2fc9ce0869dc182b116729f62b2e0dc5e8bf7ce72fb168bd499884f86255d87f
Size: 1.68 MB - postgresql-test-rpm-macros-10.23-2.module+el8+1653+a9e9b317.x86_64.rpm
MD5: 2ea64f85211d283e46c4adfc0597cc8f
SHA-256: e6ab1cc810834427877cf5f3c4da76e48773078bb9f7cb04f90792d2e3bee7d1
Size: 48.87 kB - postgresql-upgrade-10.23-2.module+el8+1653+a9e9b317.x86_64.rpm
MD5: b756f6a0638399df6e11d2eb88702e2c
SHA-256: 0fbab6a31243a937bb417ad425bde434852dbb15f8efe302a9c17f8170c6e8a9
Size: 3.34 MB - postgresql-upgrade-devel-10.23-2.module+el8+1653+a9e9b317.x86_64.rpm
MD5: 96cdb4b5d7aaebadb46d155c14c3d493
SHA-256: 3b857b819f1fc78af5f1a14ec69866722e1d8436b571288b182756c9eb5ba3d3
Size: 760.26 kB
English