postgresql:15 security update
Errata ID: AXSA:2023-6438:01
Release date:
2023/09/26 Tuesday - 06:19
Title:
postgresql:15 security update
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
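The following issues have been addressed.
[Security Fix]
- PostgreSQL has an issue in which SQL statements set as a schema_element
can defeat protective search_path changes. As a result, a vulnerability
exists that allows an authenticated remote attacker with database
administration privileges to execute arbitrary code via a crafted
database. (CVE-2023-2454)
- PostgreSQL has an issue in which an incorrect security policy is applied
under certain circumstances. As a result, a vulnerability exists that
allows a remote attacker to perform unauthorized updates and reads.
(CVE-2023-2455)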
Modularity name: postgresql
Stream name: 15
Solution:
Update the packages.
CVE:
CVE-2023-2454
schema_element defeats protective search_path changes: it was found that certain database calls in PostgreSQL could permit an authenticated attacker with elevated database-level privileges to execute arbitrary code.
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
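Added example (not part of the advisory or of PostgreSQL's own code): catalog queries to check whether a database meets the CVE-2023-2455 preconditions described above, that is, row security policies defined with CREATE POLICY, role-specific policies, and SECURITY DEFINER functions. The column aliases are illustrative; run the queries in each database with a role that can read the system catalogs.

```sql
-- Added example: exposure triage for CVE-2023-2455.
-- Aliases such as role_specific are illustrative names, not PostgreSQL's.

-- 1. Running server version. The updated packages in this advisory
--    are postgresql 15.3-1; compare the result against that.
SELECT current_setting('server_version') AS server_version;

-- 2. Tables with row-level security switched on. If this and query 3
--    return no rows, the database has no row security policy and the
--    advisory text says it is not affected by CVE-2023-2455.
SELECT n.nspname  AS schema_name,
       c.relname  AS table_name,
       c.relforcerowsecurity AS forced_for_owner
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relrowsecurity
ORDER BY 1, 2;

-- 3. Every policy created with CREATE POLICY. role_specific is true when
--    the policy targets named roles instead of PUBLIC, which is the
--    "role-specific policies" case in the CVE description.
SELECT schemaname,
       tablename,
       policyname,
       cmd,
       roles,
       roles <> ARRAY['public']::name[] AS role_specific
FROM pg_policies
ORDER BY schemaname, tablename, policyname;

-- 4. SECURITY DEFINER functions outside the system schemas. These run
--    under the owner's role, one of the two scenarios the description
--    names for a query planned under one role and executed under another.
SELECT n.nspname                    AS schema_name,
       p.proname                    AS function_name,
       pg_get_userbyid(p.proowner)  AS owner
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY 1, 2;
```

Rows from query 3 with role_specific set to true, combined with rows from query 4 or application use of SET ROLE, mark the databases to prioritise for the package update.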
Additional information:
N/A
Downloads:
SRPMS
- pgaudit-1.7.0-1.module+el8+1660+d323fea9.src.rpm
Size: 52.57 kB
- pg_repack-1.4.8-1.module+el8+1660+d323fea9.src.rpm
Size: 102.55 kB
- postgres-decoderbufs-1.9.7-1.Final.module+el8+1660+d323fea9.src.rpm
Size: 23.30 kB
- postgresql-15.3-1.module+el8+1660+d323fea9.src.rpm
Size: 50.12 MB
Asianux Server 8 for x86_64
- pgaudit-1.7.0-1.module+el8+1660+d323fea9.x86_64.rpm
Size: 28.33 kB
- pgaudit-debugsource-1.7.0-1.module+el8+1660+d323fea9.x86_64.rpm
Size: 24.12 kB
- pg_repack-1.4.8-1.module+el8+1660+d323fea9.x86_64.rpm
Size: 94.13 kB
- pg_repack-debugsource-1.4.8-1.module+el8+1660+d323fea9.x86_64.rpm
Size: 50.55 kB
- postgres-decoderbufs-1.9.7-1.Final.module+el8+1660+d323fea9.x86_64.rpm
Size: 23.81 kB
- postgres-decoderbufs-debugsource-1.9.7-1.Final.module+el8+1660+d323fea9.x86_64.rpm
Size: 18.27 kB
- postgresql-15.3-1.module+el8+1660+d323fea9.x86_64.rpm
Size: 1.68 MB
- postgresql-contrib-15.3-1.module+el8+1660+d323fea9.x86_64.rpm
Size: 957.45 kB
- postgresql-debugsource-15.3-1.module+el8+1660+d323fea9.x86_64.rpm
Size: 18.80 MB
- postgresql-docs-15.3-1.module+el8+1660+d323fea9.x86_64.rpm
Size: 10.09 MB
- postgresql-plperl-15.3-1.module+el8+1660+d323fea9.x86_64.rpm
Size: 72.21 kB
- postgresql-plpython3-15.3-1.module+el8+1660+d323fea9.x86_64.rpm
Size: 92.05 kB
- postgresql-pltcl-15.3-1.module+el8+1660+d323fea9.x86_64.rpm
Size: 44.44 kB
- postgresql-private-devel-15.3-1.module+el8+1660+d323fea9.x86_64.rpm
Size: 63.54 kB
- postgresql-private-libs-15.3-1.module+el8+1660+d323fea9.x86_64.rpm
Size: 131.44 kB
- postgresql-server-15.3-1.module+el8+1660+d323fea9.x86_64.rpm
Size: 5.97 MB
- postgresql-server-devel-15.3-1.module+el8+1660+d323fea9.x86_64.rpm
Size: 1.36 MB
- postgresql-static-15.3-1.module+el8+1660+d323fea9.x86_64.rpm
Size: 152.31 kB
- postgresql-test-15.3-1.module+el8+1660+d323fea9.x86_64.rpm
Size: 2.13 MB
- postgresql-test-rpm-macros-15.3-1.module+el8+1660+d323fea9.noarch.rpm
Size: 9.38 kB
- postgresql-upgrade-15.3-1.module+el8+1660+d323fea9.x86_64.rpm
Size: 4.48 MB
- postgresql-upgrade-devel-15.3-1.module+el8+1660+d323fea9.x86_64.rpm
Size: 1.17 MB