postgresql:15 security update
エラータID: AXSA:2024-7330:01
リリース日:
2024/01/03 Wednesday - 04:31
題名:
postgresql:15 security update
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- PostgreSQL の拡張スクリプト機能には、ドル記号、クォート
記号、ダブルクォート記号などを用いた引用句内で @extowner@、
@extschema@、または @extschema:...@ を使用した場合、SQL
インジェクションが可能となる問題があるため、データベース上
で CREATE 句の実行が可能なリモートの攻撃者により、細工された
拡張機能のインストールを介して、特権昇格、および任意のコード
の実行を可能とする脆弱性が存在します。(CVE-2023-39417)
- PostgreSQL の MERGE 句の処理には、CREATE POLICY 句を
用いて UPDATE 句と SELECT 句を禁止し、INSERT 句を許容する
レコードポリシーを設定していた場合に正しくレコードポリシー
を評価できない問題があるため、リモートの攻撃者により、
レコードポリシーの迂回を可能とする脆弱性が存在します。
(CVE-2023-39418)
- PostgreSQL の特定の集計関数には、リモートの攻撃者により、
型を指定していない文字列リテラルからの値の処理を介して、
情報の漏洩を可能とする脆弱性が存在します。(CVE-2023-5868)
- PostgreSQL には、SQL の配列変数の更新処理における整数
オーバーフローの問題があるため、認証されたリモートの攻撃者
により、細工されたデータを介して、任意のコードの実行を可能
とする脆弱性が存在します。(CVE-2023-5869)
- PostgreSQL の pg_cancel_backend ロールには、認証された
リモートの攻撃者により、細工された耐性の低いノンコア拡張
機能を介して、サービス拒否攻撃を可能とする脆弱性が存在
します。(CVE-2023-5870)
Modularity name: postgresql
Stream name: 15
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
CVE-2023-39418
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
CVE-2023-5868
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
CVE-2023-5869
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
CVE-2023-5870
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
追加情報:
N/A
ダウンロード:
SRPMS
- pgaudit-1.7.0-1.module+el9+1024+844f2c86.src.rpm
MD5: c524a7e7de52e1436d7c374f01810020
SHA-256: c018fdd0ea09fcb3d61e92866746f0dca40512e645b0ae680c05880cf4f80c38
Size: 51.24 kB - pg_repack-1.4.8-1.module+el9+1024+844f2c86.src.rpm
MD5: 7026a383d0f49bafe321e62d54e0fcab
SHA-256: c6b8bb96684e6633d48997fa7a65d2f8d6b06533d66ab01211cf2356380f267b
Size: 102.64 kB - postgres-decoderbufs-1.9.7-1.Final.module+el9+1024+844f2c86.src.rpm
MD5: e0d3feaae0689b0873c947a7df358fdd
SHA-256: 2c4ed743e40749df4472bf574575a3323af3fdd1e5a39ed188c6ebf9fd27926e
Size: 21.45 kB - postgresql-15.5-1.module+el9+1024+844f2c86.src.rpm
MD5: e02f3754b3c5885fa5d644aca1a14ed5
SHA-256: d536ecdf798ef2edc6b269fd92f7d4997775908a5d48af552c4b2b28ca50dc3a
Size: 50.42 MB
Asianux Server 9 for x86_64
- pgaudit-1.7.0-1.module+el9+1024+844f2c86.x86_64.rpm
MD5: 4b46c0ba880ca1263f3fd271b76e842f
SHA-256: 714a1f1214b8924b2fe59d9ebb8b8db4e8daf6534865f1bc8931ae59ef7fd0b1
Size: 27.50 kB - pgaudit-debugsource-1.7.0-1.module+el9+1024+844f2c86.x86_64.rpm
MD5: 5392ef1438c9d8e132caef424b7c71b6
SHA-256: 94bd7c47f8a384211f753d4a086f9462e4e952d57579a02f6bad6fcbfa2cb73f
Size: 22.30 kB - pg_repack-1.4.8-1.module+el9+1024+844f2c86.x86_64.rpm
MD5: f8118eef8762dbc4f17e0bb9e425f934
SHA-256: 172a7633fdc1f1dbe967a44980d54aa34d7837f0a8880d17f81905518eec820b
Size: 90.31 kB - pg_repack-debugsource-1.4.8-1.module+el9+1024+844f2c86.x86_64.rpm
MD5: aaa0e4945f9cf5dd367c4f6e8065615b
SHA-256: 90994c65509103115c2ddc7eaddc2114b08615a0d889a4b742d8184fb9a9473a
Size: 48.52 kB - postgres-decoderbufs-1.9.7-1.Final.module+el9+1024+844f2c86.x86_64.rpm
MD5: 3de8b8d09fb3f426f5b111ad6c53ca79
SHA-256: c7413c7e53ea2d0fa1c2dbbcdac74cfe0c989de395849689e34744d4781aba67
Size: 22.76 kB - postgres-decoderbufs-debugsource-1.9.7-1.Final.module+el9+1024+844f2c86.x86_64.rpm
MD5: b741e8d1aa2fcb38bff99d1e789c57ae
SHA-256: 9b2028b37a695274ebf9c91f5abbb0d11c9ef25d55dfbf21db83dbc636e664b1
Size: 16.55 kB - postgresql-15.5-1.module+el9+1024+844f2c86.x86_64.rpm
MD5: 08f44c860875df9b590c4490ad1152c6
SHA-256: f81fcc966b398f5b47569b6b88bde7d25eba2ac83dac139226fb859779fc2484
Size: 1.64 MB - postgresql-contrib-15.5-1.module+el9+1024+844f2c86.x86_64.rpm
MD5: ceb5be7c29d7012e2019f310fd426f3f
SHA-256: dc96dcedd5febd331f39c7deb45596646314e3130eae73c41ace82ec9f1ac3e1
Size: 908.11 kB - postgresql-debugsource-15.5-1.module+el9+1024+844f2c86.x86_64.rpm
MD5: c985ef1f2454ad2f91554ba134c4b261
SHA-256: 2082fb9dd56fe7a67a0bf5590d7024575c689313eac9214e53a4286b16b20d37
Size: 15.22 MB - postgresql-docs-15.5-1.module+el9+1024+844f2c86.x86_64.rpm
MD5: ebd8efdb2a994c5dbb6e1516d550e86f
SHA-256: 8775e4de3ac3a61c2fbb2f1012225942e07700df1e388d085c36142ebe1b4f98
Size: 9.62 MB - postgresql-plperl-15.5-1.module+el9+1024+844f2c86.x86_64.rpm
MD5: b06967a1ba92b3ec3430ec26f85dcfec
SHA-256: dd4489af485d313157cab089dac732271003eab53ef2a1cb5f6cdadae89e29a4
Size: 70.37 kB - postgresql-plpython3-15.5-1.module+el9+1024+844f2c86.x86_64.rpm
MD5: fb4625aa4555c23aaed955a00dbb3257
SHA-256: 18d6240efc01cb99d17c6433a4ba0e7cb4b64cc6e855e9e5b26872af1622106c
Size: 94.24 kB - postgresql-pltcl-15.5-1.module+el9+1024+844f2c86.x86_64.rpm
MD5: c2ef6abfafdad9b044f955ecb66454fb
SHA-256: 2a768f49ec559eb29329df6659e7d1894827aaee6a836da0534895bd19afc14f
Size: 45.29 kB - postgresql-private-devel-15.5-1.module+el9+1024+844f2c86.x86_64.rpm
MD5: 1a4f72d29459a1dc930828f3e75f3c8a
SHA-256: e21895d68314e59de63feb96b6ccb522df5a140e608d2db449b7db05aa5852d8
Size: 61.52 kB - postgresql-private-libs-15.5-1.module+el9+1024+844f2c86.x86_64.rpm
MD5: 9c2fcb05abf7498c7e009af1223906eb
SHA-256: b06371de51aad5bb091220878ee6940be2b4bcde498a2b966e4916043224033f
Size: 137.33 kB - postgresql-server-15.5-1.module+el9+1024+844f2c86.x86_64.rpm
MD5: 4f2175246d340bbf91c508ced4dedfe7
SHA-256: c311b37dc340bc9e221f74e1791d165db31bd0fe1b2337e6e7d3d5cfaef22c27
Size: 6.20 MB - postgresql-server-devel-15.5-1.module+el9+1024+844f2c86.x86_64.rpm
MD5: fdf9cd0208a83b6d411c6c57137ca246
SHA-256: 35b1f58bd62bde18917367549b9f37b6cd095b85eb86b303d169fb68884128d1
Size: 1.24 MB - postgresql-static-15.5-1.module+el9+1024+844f2c86.x86_64.rpm
MD5: 5505bc723f79ec3d6ef32ed490cb138f
SHA-256: 9179c6b053b410d1f373d24698ac2d91442a572b39aad874069540941a3097a2
Size: 149.54 kB - postgresql-test-15.5-1.module+el9+1024+844f2c86.x86_64.rpm
MD5: 57ad54e7d2b6cf216364b1af1cd4859e
SHA-256: 49428a7ef81c6e112603a286a6ac0664697b99cf23edbffe7eb4f853ad345c9d
Size: 1.57 MB - postgresql-test-rpm-macros-15.5-1.module+el9+1024+844f2c86.noarch.rpm
MD5: 2a9e697923b47f110b2828134a9678b0
SHA-256: 0fef7c68eed2be6d5571500781fdb06fc26ffa0739a432a674c3915980721dc2
Size: 9.39 kB - postgresql-upgrade-15.5-1.module+el9+1024+844f2c86.x86_64.rpm
MD5: 15c11d614a67b2aa6b90af24a12f398f
SHA-256: 74b43e683d3edc2faea0ad38b38e7942866afc07ad9365378ade473fddb0a9fc
Size: 4.72 MB - postgresql-upgrade-devel-15.5-1.module+el9+1024+844f2c86.x86_64.rpm
MD5: a05a09a0cbba41b0959cee80c4bec048
SHA-256: a9d3c69ffc3cc50c2d5c0c03f67e82198c739e8b0f04362f9777dd7f8132e64f
Size: 1.04 MB
English