postgresql-13.16-1.el9_4
Errata ID: AXSA:2024-8734:04
Release date:
2024/08/30 Friday - 12:20
Title:
postgresql-13.16-1.el9_4
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
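The following issue has been addressed.
[Security Fix]
- The pg_dump command in PostgreSQL has a Time-of-check
Time-of-use (TOCTOU) race condition that allows another
relation type to be replaced with a view or foreign table,
resulting in a vulnerability that allows a remote attacker
to execute arbitrary SQL functions.
(CVE-2024-7348)
Solution:
Update the packages.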
CVE:
CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
Additional information:
N/A
Downloads:
SRPMS
- postgresql-13.16-1.el9_4.src.rpm
MD5: 6e4cafa8f42dcf783947f1c1e95c2419
SHA-256: 06dfc15e9a67bca2425c48665b8ef9f8de94ebc9f8fdf1908951c11a400c3175
Size: 48.67 MB
Asianux Server 9 for x86_64
- postgresql-13.16-1.el9_4.x86_64.rpm
MD5: 3d953cf9d18499431cdb5be1c93cd4af
SHA-256: 7c15f1613644c7b2e28f86a2b7034741e07fc10fa925d733d57dc344477b2da0
Size: 1.58 MB
- postgresql-contrib-13.16-1.el9_4.x86_64.rpm
MD5: 3ee1cdf167ae14ea66163ea7710f05ca
SHA-256: 81c591e99c9bff4ad657d1485a272a03c19a32b0d49ff176beb5c4bf5e73ad3d
Size: 890.85 kB
- postgresql-docs-13.16-1.el9_4.x86_64.rpm
MD5: 62fe8f172012a8feddfca1965df3d4b7
SHA-256: b8d35aeca78f50bb99c583416aa51bad2438d21394b069c81074de2639eb04cd
Size: 9.56 MB
- postgresql-plperl-13.16-1.el9_4.x86_64.rpm
MD5: d1c613680916a698fedb64a22c959436
SHA-256: 20774bb42de86f3ff5786b8623cac7157a78eaa39e3df66072e614e4c18bf9ec
Size: 73.91 kB
- postgresql-plpython3-13.16-1.el9_4.x86_64.rpm
MD5: 5d613b87a91dbbc3e8c3a99286d52ffd
SHA-256: f76101eceadf2ac7a31b0e49951a3de46fc5452904f5388e57d92dfd09673482
Size: 93.26 kB
- postgresql-pltcl-13.16-1.el9_4.x86_64.rpm
MD5: cd89aa764ab88d0854c2b6abcadbf56d
SHA-256: 7c25eaeafafe9a221b9c37d8b9426600c4aae341c96bb9d5d15433a19d8ba971
Size: 48.11 kB
- postgresql-private-devel-13.16-1.el9_4.x86_64.rpm
MD5: d60a69a132885853203c64868a4183cf
SHA-256: f2d31e6d28dfb0b35005b81e945dda18938734dd2651d662bee2bc6d2e7a680a
Size: 62.21 kB
- postgresql-private-libs-13.16-1.el9_4.x86_64.rpm
MD5: b297558719fdd4facf6fb2414a0853be
SHA-256: 3e1d7ae0f6955d64faa84e67c25be09e13723a101fe0df9e607a9d1ffdf7696d
Size: 136.21 kB
- postgresql-server-13.16-1.el9_4.x86_64.rpm
MD5: 3dd2013f743e6b659e5396c680e9a76a
SHA-256: 4b317efe2c2a9c9b717ccd5e2452b6884cbc18d123d2a93139d41468ff28ee9d
Size: 5.76 MB
- postgresql-server-devel-13.16-1.el9_4.x86_64.rpm
MD5: 253fbd03b575dcebf5a38273734d8f6e
SHA-256: 00d1c682f815fb45cc0eeecb908a81d410b49baea3098e438ef6e24bc640fb3b
Size: 1.30 MB
- postgresql-static-13.16-1.el9_4.x86_64.rpm
MD5: 079c2432b91052863dad7385ea8d16f4
SHA-256: 762523f8fd3d5096347a8cd6291592138c80dcc57ce0c987bc22f6ce066f21bc
Size: 124.67 kB
- postgresql-test-13.16-1.el9_4.x86_64.rpm
MD5: da47ced39e9fcfca1dc80bc2c7687658
SHA-256: 66c30c98e52a2bb591d61bc1b1cc9958a4c6da7c75aa50f1e7e456f6dd14d14a
Size: 1.53 MB
- postgresql-upgrade-13.16-1.el9_4.x86_64.rpm
MD5: ff8a894faa8c73d80e8b2df91705de85
SHA-256: 16efb5e2713a023e02372cba2c6821762db5eeff0fb30dabe37d6148aced66c4
Size: 4.61 MB
- postgresql-upgrade-devel-13.16-1.el9_4.x86_64.rpm
MD5: dcb83640399e44275eca7020b2396a50
SHA-256: 9637fbbffc94c0efd99f59a0f7f4d0cecb9fd553a0111c677d0039020873f946
Size: 1.20 MB