postgresql:12 security update
エラータID: AXSA:2023-6338:01
リリース日:
2023/08/16 Wednesday - 07:41
題名:
postgresql:12 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- PostgreSQL には、Kerberos トランスポート暗号化の確立中に終端
文字の無い文字列を送信してしまう問題があるため、リモートの攻撃者
により、改変されたサーバーや認証されていないサーバーを介して、
情報漏洩を可能とする脆弱性が存在します。(CVE-2022-41862)
- PostgreSQL には、schema_element として設定した SQL 文によって
search_path の変更の保護を無効化できてしまう問題があるため、データ
ベースの管理権限を持つ認証されたリモートの攻撃者により、細工された
データベースを介して、任意のコードの実行を可能とする脆弱性が存在
します。(CVE-2023-2454)
- PostgreSQL には、特定の状況下で誤ったセキュリティポリシーが
適用されてしまう問題があるため、リモートの攻撃者により、不正な
更新や読み取りを可能とする脆弱性が存在します。(CVE-2023-2455)
Modularity name: postgresql
Stream name: 12
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-41862
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
CVE-2023-2454
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
追加情報:
N/A
ダウンロード:
SRPMS
- pgaudit-1.4.0-5.module+el8+1656+f1cf194e.src.rpm
MD5: ce28226ee24337b709646466a23ee804
SHA-256: b4ed1975729f4ad2abe4de74b1c123549bd78d6ca3310cbdb755d2d91d7eacd5
Size: 42.07 kB - pg_repack-1.4.6-3.module+el8+1656+f1cf194e.src.rpm
MD5: cc0f64177ef9ad2fe4977de1bae60e10
SHA-256: 6c80d628bf5e7c8c7d3328a75b55b8527b47a56765a32a0f1376f5b0e25a3123
Size: 100.99 kB - postgres-decoderbufs-0.10.0-2.module+el8+1656+f1cf194e.src.rpm
MD5: 0b88873e9ad077e7181e4587dcee80c7
SHA-256: 098c920bd347a8fe09bbb6c74bf7b886362656061a69329a957b050c77c819b5
Size: 21.13 kB - postgresql-12.15-1.module+el8+1656+f1cf194e.ML.1.src.rpm
MD5: 04a8f4cc01fdd0c2c88d809865b2af9d
SHA-256: 1e747cc69489febc809b8159cfe917d9741434e4b51ab76946eae3872c396af7
Size: 46.42 MB
Asianux Server 8 for x86_64
- pgaudit-1.4.0-5.module+el8+1656+f1cf194e.x86_64.rpm
MD5: 0a4e8080287818538697fe1bb6078993
SHA-256: f0966981bb54f169ed606340767c0242707fb2c022efd3d6f9013f4952529fab
Size: 26.88 kB - pgaudit-debugsource-1.4.0-5.module+el8+1656+f1cf194e.x86_64.rpm
MD5: 27f4f1754326defe0a69d687299dd807
SHA-256: b7b2dc185ec0a0b64e9a6aade85d9a4884b84df5e6b6146457d3fe8dbb24d14a
Size: 22.80 kB - pg_repack-1.4.6-3.module+el8+1656+f1cf194e.x86_64.rpm
MD5: 7788858cc54a3e500358d148fee38c35
SHA-256: 591acfe58ebca9c2a8cf8c9be3c12ee7cfd2ec5df19165fc15b43c73bfee581c
Size: 89.16 kB - pg_repack-debugsource-1.4.6-3.module+el8+1656+f1cf194e.x86_64.rpm
MD5: 7a95acb360453256820e1ec7dc4e3701
SHA-256: 73367b046a50924cf3840d599116da99a757eca67ef4b7c3e5c7282c4be1c7d6
Size: 49.69 kB - postgres-decoderbufs-0.10.0-2.module+el8+1656+f1cf194e.x86_64.rpm
MD5: acd361b563bda334e537e8f33afec031
SHA-256: 1f0966ee5b53a31cd56ea6c6f5987d423f1303a31587eea193214dee651df591
Size: 21.83 kB - postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1656+f1cf194e.x86_64.rpm
MD5: 05a2cc3c3387af4f75621c710de80d9f
SHA-256: c2037fe7fbd3dea28811e14a7e51e5f4a1330c3c52c91c2f9ee4ac8a3f5819c2
Size: 16.81 kB - postgresql-12.15-1.module+el8+1656+f1cf194e.ML.1.x86_64.rpm
MD5: d28f26bce9d8f4d2a813ee1476bed394
SHA-256: 18ab2e8603d3970db86874daca361dc77bd28a31038041dfbdfb8a801851d2a6
Size: 1.50 MB - postgresql-contrib-12.15-1.module+el8+1656+f1cf194e.ML.1.x86_64.rpm
MD5: 06efdd886113f7756f27fa3776107257
SHA-256: d74fb1c13a9af1ee2ee77ee03fa5dd20bf26b04cb7d793970f0b7d01c5c3b850
Size: 873.00 kB - postgresql-debugsource-12.15-1.module+el8+1656+f1cf194e.ML.1.x86_64.rpm
MD5: 282d8bac664bcef8dfc24e5c65207a56
SHA-256: 8eab75738644ed2c1cb2dd02740ab142750177ef4c305cfb767318f6c53dba64
Size: 16.95 MB - postgresql-docs-12.15-1.module+el8+1656+f1cf194e.ML.1.x86_64.rpm
MD5: 2056ac6ed3969389ec83dfbaad849a3f
SHA-256: bc50f82e7fe6bf8d9e1e6f7fc6b7fb6210b0fad371a4a64dd8f9902e826fde42
Size: 9.69 MB - postgresql-plperl-12.15-1.module+el8+1656+f1cf194e.ML.1.x86_64.rpm
MD5: babe06f64fdba503c604f71cf649c3b6
SHA-256: 8bb7590f8aa30c1976f3ee26170b5fd95dec01c9bcefb5a63d7d914a3e46104c
Size: 109.37 kB - postgresql-plpython3-12.15-1.module+el8+1656+f1cf194e.ML.1.x86_64.rpm
MD5: bc258b560b30d68a03615e0d1c834016
SHA-256: 1dfc4f8df6de9c0ee5aac96c9ca0789f773ff7ee95ec161adbb1fb0cd1756712
Size: 129.54 kB - postgresql-pltcl-12.15-1.module+el8+1656+f1cf194e.ML.1.x86_64.rpm
MD5: f3f137987478708685c705e1ba1e9324
SHA-256: 0739e5c41e98f58cb5201680b5c5e3b16389cc1962070fd568bb20b4e91e2922
Size: 84.81 kB - postgresql-server-12.15-1.module+el8+1656+f1cf194e.ML.1.x86_64.rpm
MD5: a17ddf523fb0adbe73c859767b697e35
SHA-256: 7c1f6cea8a004c452057b4630ed426191746237d2034d9660a18fa27c6aa8765
Size: 5.52 MB - postgresql-server-devel-12.15-1.module+el8+1656+f1cf194e.ML.1.x86_64.rpm
MD5: 8c000d1b5b7df73799467b31ea5b9390
SHA-256: bec7972ccb8eea1b43feb9a62ffafe38190d2c2082246fc286f6d08128f6a812
Size: 1.22 MB - postgresql-static-12.15-1.module+el8+1656+f1cf194e.ML.1.x86_64.rpm
MD5: 2885676d3847a9de119c2aa0ba35b82f
SHA-256: e99acfe6f130c7296a38f9153477f73eef72f94c77fc0938737cff8208ac64ea
Size: 167.07 kB - postgresql-test-12.15-1.module+el8+1656+f1cf194e.ML.1.x86_64.rpm
MD5: 7feacacb26bb5b1ef15b68360465f547
SHA-256: 9091eb30880e800a7aa0dab700d744f3437f1e06b6cf1a0ccec934a28b4e3f8f
Size: 1.94 MB - postgresql-test-rpm-macros-12.15-1.module+el8+1656+f1cf194e.ML.1.noarch.rpm
MD5: c2ec15fc75d46ef3a84e1440021fcba4
SHA-256: 8fdc436333c8fbad83a547f89dc2a638a06e1c1d445e030d63ef74a9fc7be66a
Size: 52.76 kB - postgresql-upgrade-12.15-1.module+el8+1656+f1cf194e.ML.1.x86_64.rpm
MD5: 3a4b2450b4e9ff9f83b4bc6d0fc6acea
SHA-256: df416ce85a2a56051c0a6de28c0fa5d1217de6c1595fdab13a85e75dc51c8b4c
Size: 4.07 MB - postgresql-upgrade-devel-12.15-1.module+el8+1656+f1cf194e.ML.1.x86_64.rpm
MD5: c694fbde5c0954c0b413c5fb9212bcb7
SHA-256: fe79cb560ce518c7e6f1563f8e37498be7524d3e8ebf9f9952421f5449478be2
Size: 1.13 MB
English