postgresql:10 security update

エラータID: AXSA:2024-7392:01

リリース日: 
2024/01/15 Monday - 11:07
題名: 
postgresql:10 security update
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- PostgreSQL には、SQL の配列変数の更新処理における整数オーバー
フローの問題があるため、認証されたリモートの攻撃者により、細工
されたデータを介して、任意のコードの実行を可能とする脆弱性が
存在します。(CVE-2023-5869)

Modularity name: postgresql
Stream name: 10

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2023-5869
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. postgresql-10.23-3.module+el8+1710+1a00223b.src.rpm
    MD5: 3e6c3f61ab3946007b9f9966953fa9af
    SHA-256: 0d9feb1784ec2aad4e45ad696c69aec5dc037c5920c675d32831b8b269756b30
    Size: 34.21 MB

Asianux Server 8 for x86_64
  1. postgresql-10.23-3.module+el8+1710+1a00223b.x86_64.rpm
    MD5: 6f3216379a31c89027e5db6e99e3ace0
    SHA-256: 075712a059080fcb126ea940e0d4eb7d9dc97a6eab0abbd7fa233656004b10f9
    Size: 1.50 MB
  2. postgresql-contrib-10.23-3.module+el8+1710+1a00223b.x86_64.rpm
    MD5: 21333e9a19c3d9a4cca8223e8ab5a192
    SHA-256: 670a0163de9b5c62d991c7096d94255e136d88002ee1bfd719c305c00bfdf203
    Size: 810.41 kB
  3. postgresql-debugsource-10.23-3.module+el8+1710+1a00223b.x86_64.rpm
    MD5: c0813af36ef48c57198870d858b8b405
    SHA-256: ca03ba52fd48b6c5e23dfa52df1f8f5935dad02361838592801f04468fc320f7
    Size: 14.59 MB
  4. postgresql-docs-10.23-3.module+el8+1710+1a00223b.x86_64.rpm
    MD5: a033d7c56460041f767518543d9590c3
    SHA-256: ce87bbdb9353e3c08f28e25d550df2ffe4a2d6f484aaee3554ca7c8e8cf47086
    Size: 2.23 MB
  5. postgresql-plperl-10.23-3.module+el8+1710+1a00223b.x86_64.rpm
    MD5: 1b37ad7dc12a5b6e8816c98b9036fc11
    SHA-256: ec9f79870afc598a38c7bccc069dab179906ed09971ee958da75feec0c464986
    Size: 101.84 kB
  6. postgresql-plpython3-10.23-3.module+el8+1710+1a00223b.x86_64.rpm
    MD5: 551848cdf11167bdaf5594fc3313b63b
    SHA-256: a9d5e220d49590364bf7d63d8b84f1ed4d10b10e5a953f83cad9482dacd9eb6a
    Size: 121.57 kB
  7. postgresql-pltcl-10.23-3.module+el8+1710+1a00223b.x86_64.rpm
    MD5: 1468655fe88e0303e07eee4171951899
    SHA-256: 082e4cbed77bd4a57bc57f9fe58fa73f1ec8c64e5649051f3c5d6af1a6c44c64
    Size: 77.93 kB
  8. postgresql-server-10.23-3.module+el8+1710+1a00223b.x86_64.rpm
    MD5: 5e16073717a0c5a83bdc13d89715aa67
    SHA-256: a370bde82fc5903efc093d80a3b6853de45088218b85856be97064bfbd0d9774
    Size: 5.05 MB
  9. postgresql-server-devel-10.23-3.module+el8+1710+1a00223b.x86_64.rpm
    MD5: 396a37fc4410d0621db548b8fca9be5e
    SHA-256: ad38502485442c07f906ca01da3e485fa2f9f558b555291a716ddf87f542cdaa
    Size: 1.16 MB
  10. postgresql-static-10.23-3.module+el8+1710+1a00223b.x86_64.rpm
    MD5: 8a2e7960295f4d6f73e07d3beca5b55d
    SHA-256: f61966c0700638c0a608f9049ec5c30729431430bfb48f885bea557979def928
    Size: 126.66 kB
  11. postgresql-test-10.23-3.module+el8+1710+1a00223b.x86_64.rpm
    MD5: 434ac19399d0a3693b4df488ae2ac823
    SHA-256: f5a8042682ad0712c4427ee5e155e89c0c4e83af6207af56baefa6afa116c08b
    Size: 1.68 MB
  12. postgresql-test-rpm-macros-10.23-3.module+el8+1710+1a00223b.x86_64.rpm
    MD5: d2ba049c953d969633e776850bd2e7ac
    SHA-256: ceec685412f28688c038f9f8876db537507fe00a902c89ccc5e2cfcc418fe089
    Size: 49.08 kB
  13. postgresql-upgrade-10.23-3.module+el8+1710+1a00223b.x86_64.rpm
    MD5: 7207d855c66b5ae16c4816a3f9249ee3
    SHA-256: 5313f4f23f1a59911dbc12fa53957f2c747783614f94b4e51ba03ff52ae179b6
    Size: 3.34 MB
  14. postgresql-upgrade-devel-10.23-3.module+el8+1710+1a00223b.x86_64.rpm
    MD5: b5ae21134630dc1196e1333483c629c0
    SHA-256: ce2a7236c2d6f4c3413ed5cf4fc4098b40d144fb2d058c4e6eec1ee1f715baf0
    Size: 760.49 kB