postgresql:13 security update
エラータID: AXSA:2023-6336:01
リリース日:
2023/08/16 Wednesday - 06:37
題名:
postgresql:13 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- PostgreSQL には、schema_element として設定した SQL 文によって
search_path の変更の保護を無効化できてしまう問題があるため、データ
ベースの管理権限を持つ認証されたリモートの攻撃者により、細工された
データベースを介して、任意のコードの実行を可能とする脆弱性が存在
します。(CVE-2023-2454)
- PostgreSQL には、特定の状況下で誤ったセキュリティポリシーが
適用されてしまう問題があるため、リモートの攻撃者により、不正な
更新や読み取りを可能とする脆弱性が存在します。(CVE-2023-2455)
Modularity name: postgresql
Stream name: 13
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-2454
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
追加情報:
N/A
ダウンロード:
SRPMS
- pgaudit-1.5.0-1.module+el8+1655+91b0723c.src.rpm
MD5: 259a87eafeadf0f8cfbe4fe729851c88
SHA-256: 85978bff180abe69bc6edb1803f1ab0d53929598931597741f0c42cf1a25f942
Size: 42.60 kB - pg_repack-1.4.6-3.module+el8+1655+91b0723c.src.rpm
MD5: 6bc97c2bb6f49dff34feed8b7cfe61cc
SHA-256: 9bd9559d2521b069a13c70e135e08b179dbac7083594e1e791093fab68c51b33
Size: 100.99 kB - postgres-decoderbufs-0.10.0-2.module+el8+1655+91b0723c.src.rpm
MD5: e79fbae29989f119deb1c2707e96bd62
SHA-256: 60556057b7bb618ff844d5ab8edd0a23ba4d3f07035ea358357bde0efc1f1e24
Size: 21.13 kB - postgresql-13.11-1.module+el8+1655+91b0723c.ML.1.src.rpm
MD5: 8fea80a3c1859395a4e5a5f5b4ea48bb
SHA-256: 68f9445c2a2ffbd74ec539bcfc2a9487036e39acf66d9f3e3a3c23bbc73af856
Size: 48.18 MB
Asianux Server 8 for x86_64
- pgaudit-1.5.0-1.module+el8+1655+91b0723c.x86_64.rpm
MD5: de4a544f92e7539fb8a1f971329269ff
SHA-256: 8b4b62676efdf9c8f62754134cd03901c74119d5f24eb247c6ccdcf7b2c16308
Size: 27.04 kB - pgaudit-debugsource-1.5.0-1.module+el8+1655+91b0723c.x86_64.rpm
MD5: 0f235cec47c0106c98a9236155c30cdb
SHA-256: b15c39fb94cab24aefc3eb986e5fd708c8d8e726d1c8203b8c4c035f46d7b29c
Size: 22.80 kB - pg_repack-1.4.6-3.module+el8+1655+91b0723c.x86_64.rpm
MD5: 50260d34cb2b8a5ce0debb90e0f545df
SHA-256: 82b1e397b8252ccd11baec06773417c94849bde3efd6ab190ec77eb34341ef29
Size: 89.54 kB - pg_repack-debugsource-1.4.6-3.module+el8+1655+91b0723c.x86_64.rpm
MD5: dddbdcaf5af33f5264815fb0994f30d2
SHA-256: 18d74999cd94b807245fb93ae63b4607e3a0bb6691553e9e47d30219a99daf0c
Size: 49.69 kB - postgres-decoderbufs-0.10.0-2.module+el8+1655+91b0723c.x86_64.rpm
MD5: e120b5615e04cc33ba737ccacd4d65d1
SHA-256: 8a241576cd2276164ea922410a74b6a74fbf7a27d23ef1c7d067e119d0067aa5
Size: 21.91 kB - postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1655+91b0723c.x86_64.rpm
MD5: ac88e9dc21f6dd96daa085ebc1e127c0
SHA-256: b888dbdf3d31f9e4a1b1d041c4dbbab73ef039d598af4035730cc605567c5c09
Size: 16.81 kB - postgresql-13.11-1.module+el8+1655+91b0723c.ML.1.x86_64.rpm
MD5: 0e377d39afa55418761561440a2759d5
SHA-256: f613188a79e7bb24e09d6429b86be7c941508bfff66454d7f5fed775defaf4ae
Size: 1.53 MB - postgresql-contrib-13.11-1.module+el8+1655+91b0723c.ML.1.x86_64.rpm
MD5: ebcff6ef5dce935f07755b4ffa6157f4
SHA-256: a387483a4ce9176afca45b3faf973a9f6417017e0f84ce2925a970f3400f64b3
Size: 880.96 kB - postgresql-debugsource-13.11-1.module+el8+1655+91b0723c.ML.1.x86_64.rpm
MD5: f71653fddb7297b84b165b0c6ceb4881
SHA-256: e91ee5fac20b74784515cefb51b7baa97a61b2bd5a7986316d9f4040993db006
Size: 17.67 MB - postgresql-docs-13.11-1.module+el8+1655+91b0723c.ML.1.x86_64.rpm
MD5: aa7dfe61570ad837b1fadd92ba5f4bd5
SHA-256: a353c843df3c944ba5f5b5e37ed6cd347fa34a0554be01e1f0682186da087b7c
Size: 9.75 MB - postgresql-plperl-13.11-1.module+el8+1655+91b0723c.ML.1.x86_64.rpm
MD5: 36cac5aed6dce661f8f265cc809cfedf
SHA-256: fb0fdb354aa3fff3065fbd363321e65fae33b050a506f9f6bdac4c8c637248a3
Size: 112.22 kB - postgresql-plpython3-13.11-1.module+el8+1655+91b0723c.ML.1.x86_64.rpm
MD5: cf5250f3bd7a7ddc54a16a1c785fef8e
SHA-256: 8d3f923482ffbe05bbd7ff23db2f67ce8c9ac0a67a85299ce10bc9adca2ce8e4
Size: 128.89 kB - postgresql-pltcl-13.11-1.module+el8+1655+91b0723c.ML.1.x86_64.rpm
MD5: 91035c5a82bc7d690da0d73160e5d9a1
SHA-256: fa93461e466eda30956ed71c561cd1bc234f16170d19e0decf88577a0ed6ab3f
Size: 84.94 kB - postgresql-server-13.11-1.module+el8+1655+91b0723c.ML.1.x86_64.rpm
MD5: 417a43c2a3f858c7c7a939041390fe44
SHA-256: a3cad6515cc85bc78b3fcacde17c30eda20aa35d37a772c8f67abb51666aa7d2
Size: 5.56 MB - postgresql-server-devel-13.11-1.module+el8+1655+91b0723c.ML.1.x86_64.rpm
MD5: bf2af226b834685f5de3ad441dbcb0ba
SHA-256: 986946bcc5c4a33327325f90d31fe3cfa7870a6d545d412cc2a56322f2aba24e
Size: 1.25 MB - postgresql-static-13.11-1.module+el8+1655+91b0723c.ML.1.x86_64.rpm
MD5: 036dc42dd0f253742bdb243949e524ce
SHA-256: 0a18920e4508d5abfc09d28a50ab19c0d4ace0faad7285974b1b8fd777d6fca0
Size: 189.30 kB - postgresql-test-13.11-1.module+el8+1655+91b0723c.ML.1.x86_64.rpm
MD5: 7bfb92f494d485c2da4ed8ee5114549d
SHA-256: 4b81515cc3fe52c15ce8b8712fa850a7c38cf2232a3efb87c3ad5d0d79bc53ad
Size: 2.02 MB - postgresql-test-rpm-macros-13.11-1.module+el8+1655+91b0723c.ML.1.noarch.rpm
MD5: 8a3bfb0faabb7ff415810dcfd508395c
SHA-256: 402cdfc85c64f8e06111e8fd0b5235860302bcad2df3bbfaed32d08cb214a1d9
Size: 52.58 kB - postgresql-upgrade-13.11-1.module+el8+1655+91b0723c.ML.1.x86_64.rpm
MD5: 67c8e3c5b7fd7748d48f1ace01a956a4
SHA-256: aa83a0da9a7c1c30f00a58bf2f2db6901657e752fd640d9e5f2014967559e1be
Size: 4.37 MB - postgresql-upgrade-devel-13.11-1.module+el8+1655+91b0723c.ML.1.x86_64.rpm
MD5: d2c8bbdcc28b4e073ce09a5049560fbf
SHA-256: c461877ca78cefcdc0974e617bd8175e9c5d8a14821ad1dfc82ae17718727326
Size: 1.10 MB
English