postgresql:12 security update
Errata ID: AXSA:2024-7567:01
Release date:
2024/03/01 Friday - 13:54
Title:
postgresql:12 security update
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
The following issue has been addressed.
[Security Fix]
- PostgreSQL has an issue in which privileges are dropped late after a REFRESH MATERIALIZED VIEW CONCURRENTLY clause is executed. This results in a vulnerability that allows a remote attacker to execute arbitrary SQL functions by inducing execution of a REFRESH MATERIALIZED VIEW CONCURRENTLY clause on a crafted materialized view. (CVE-2024-0985)
Modularity name: postgresql
Stream name: 12
Solution:
Update the packages.
CVE:
CVE-2024-0985
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. As part of exploiting this vulnerability, the attacker creates functions that use CREATE RULE to convert the internally-built temporary table to a view. Versions before PostgreSQL 15.6, 14.11, 13.14, and 12.18 are affected. The only known exploit does not work in PostgreSQL 16 and later. For defense in depth, PostgreSQL 16.2 adds the protections that older branches are using to fix their vulnerability.
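An audit query for the exposure described in the CVE text, added here as an example and not part of the advisory: it compares the running server with the fixed releases named above and lists materialized views owned by non-superuser roles, the objects a privileged account would be refreshing on another role's behalf. The status strings and column aliases are made up for this example; run it in each database.

```sql
-- Added example, not from the advisory: CVE-2024-0985 exposure audit.
WITH ver AS (
    -- server_version_num is e.g. 120018 for PostgreSQL 12.18
    SELECT current_setting('server_version_num')::int AS num
),
patch AS (
    -- Thresholds are the releases named in the CVE text:
    -- 15.6, 14.11, 13.14, 12.18, plus 16.2 (defense in depth).
    SELECT CASE
             WHEN num >= 160002 THEN 'protections present (16.2 or later)'
             WHEN num >= 160000 THEN 'known exploit does not work; 16.2 protections missing'
             WHEN num >= 150006 THEN 'fixed'
             WHEN num >= 150000 THEN 'affected'
             WHEN num >= 140011 THEN 'fixed'
             WHEN num >= 140000 THEN 'affected'
             WHEN num >= 130014 THEN 'fixed'
             WHEN num >= 130000 THEN 'affected'
             WHEN num >= 120018 THEN 'fixed'
             WHEN num >= 120000 THEN 'affected'
             ELSE 'older than 12: no fixed release named in the advisory'
           END AS cve_2024_0985_status
    FROM ver
)
SELECT p.cve_2024_0985_status,
       n.nspname AS schema_name,
       c.relname AS matview_name,
       r.rolname AS owner_role,
       -- CONCURRENTLY needs a plain unique index (no expressions, no WHERE)
       EXISTS (
           SELECT 1
           FROM pg_index i
           WHERE i.indrelid = c.oid
             AND i.indisunique
             AND i.indisvalid
             AND i.indpred IS NULL
             AND i.indexprs IS NULL
       ) AS concurrent_refresh_possible
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
JOIN pg_roles r ON r.oid = c.relowner
CROSS JOIN patch p
WHERE c.relkind = 'm'      -- materialized views only
  AND NOT r.rolsuper       -- owner is not a superuser
ORDER BY schema_name, matview_name;
```

An empty result means the database has no materialized views owned by non-superuser roles; it says nothing about the patch level.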
Additional information:
N/A
Downloads:
SRPMS
- pgaudit-1.4.0-7.module+el8+1730+eb33887a.ML.1.src.rpm
Size: 42.40 kB
- pg_repack-1.4.6-3.module+el8+1730+eb33887a.src.rpm
Size: 100.99 kB
- postgres-decoderbufs-0.10.0-2.module+el8+1730+eb33887a.src.rpm
Size: 21.13 kB
- postgresql-12.18-1.module+el8+1730+eb33887a.ML.1.src.rpm
Size: 46.55 MB
Asianux Server 8 for x86_64
- pgaudit-1.4.0-7.module+el8+1730+eb33887a.ML.1.x86_64.rpm
Size: 27.10 kB
- pgaudit-debugsource-1.4.0-7.module+el8+1730+eb33887a.ML.1.x86_64.rpm
Size: 23.04 kB
- pg_repack-1.4.6-3.module+el8+1730+eb33887a.x86_64.rpm
Size: 89.19 kB
- pg_repack-debugsource-1.4.6-3.module+el8+1730+eb33887a.x86_64.rpm
Size: 49.69 kB
- postgres-decoderbufs-0.10.0-2.module+el8+1730+eb33887a.x86_64.rpm
Size: 21.84 kB
- postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1730+eb33887a.x86_64.rpm
Size: 16.81 kB
- postgresql-12.18-1.module+el8+1730+eb33887a.ML.1.x86_64.rpm
Size: 1.50 MB
- postgresql-contrib-12.18-1.module+el8+1730+eb33887a.ML.1.x86_64.rpm
Size: 874.31 kB
- postgresql-debugsource-12.18-1.module+el8+1730+eb33887a.ML.1.x86_64.rpm
Size: 16.96 MB
- postgresql-docs-12.18-1.module+el8+1730+eb33887a.ML.1.x86_64.rpm
Size: 9.76 MB
- postgresql-plperl-12.18-1.module+el8+1730+eb33887a.ML.1.x86_64.rpm
Size: 109.80 kB
- postgresql-plpython3-12.18-1.module+el8+1730+eb33887a.ML.1.x86_64.rpm
Size: 129.89 kB
- postgresql-pltcl-12.18-1.module+el8+1730+eb33887a.ML.1.x86_64.rpm
Size: 85.25 kB
- postgresql-server-12.18-1.module+el8+1730+eb33887a.ML.1.x86_64.rpm
Size: 5.54 MB
- postgresql-server-devel-12.18-1.module+el8+1730+eb33887a.ML.1.x86_64.rpm
Size: 1.22 MB
- postgresql-static-12.18-1.module+el8+1730+eb33887a.ML.1.x86_64.rpm
Size: 167.60 kB
- postgresql-test-12.18-1.module+el8+1730+eb33887a.ML.1.x86_64.rpm
Size: 1.95 MB
- postgresql-test-rpm-macros-12.18-1.module+el8+1730+eb33887a.ML.1.noarch.rpm
Size: 53.19 kB
- postgresql-upgrade-12.18-1.module+el8+1730+eb33887a.ML.1.x86_64.rpm
Size: 4.07 MB
- postgresql-upgrade-devel-12.18-1.module+el8+1730+eb33887a.ML.1.x86_64.rpm
Size: 1.13 MB