postgresql:13 security update
Errata ID: AXSA:2024-8738:01
Release date:
2024/08/30 Friday - 18:02
Title:
postgresql:13 security update
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
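The following items have been addressed.
[Security Fix]
- The pg_dump command in PostgreSQL has a flaw, caused by a Time-of-check Time-of-use (TOCTOU) race condition, that allows another relation type to be replaced with a view or foreign table; as a result, a remote attacker can execute arbitrary SQL functions. (CVE-2024-7348)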
Modularity name: postgresql
Stream name: 13
Solution:
Update the packages.
CVE:
CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
Additional information:
N/A
Downloads:
SRPMS
- pgaudit-1.5.0-1.module+el8+1801+7e07b1dc.src.rpm
Size: 42.60 kB
- pg_repack-1.4.6-3.module+el8+1801+7e07b1dc.src.rpm
Size: 100.99 kB
- postgres-decoderbufs-0.10.0-2.module+el8+1801+7e07b1dc.src.rpm
Size: 21.13 kB
- postgresql-13.16-1.module+el8+1801+7e07b1dc.src.rpm
Size: 45.24 MB
Asianux Server 8 for x86_64
- pgaudit-1.5.0-1.module+el8+1801+7e07b1dc.x86_64.rpm
Size: 27.03 kB
- pgaudit-debugsource-1.5.0-1.module+el8+1801+7e07b1dc.x86_64.rpm
Size: 22.80 kB
- pg_repack-1.4.6-3.module+el8+1801+7e07b1dc.x86_64.rpm
Size: 89.54 kB
- pg_repack-debugsource-1.4.6-3.module+el8+1801+7e07b1dc.x86_64.rpm
Size: 49.69 kB
- postgres-decoderbufs-0.10.0-2.module+el8+1801+7e07b1dc.x86_64.rpm
Size: 21.90 kB
- postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1801+7e07b1dc.x86_64.rpm
Size: 16.81 kB
- postgresql-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
Size: 1.53 MB
- postgresql-contrib-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
Size: 882.20 kB
- postgresql-debugsource-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
Size: 17.84 MB
- postgresql-docs-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
Size: 6.56 MB
- postgresql-plperl-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
Size: 112.41 kB
- postgresql-plpython3-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
Size: 129.04 kB
- postgresql-pltcl-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
Size: 85.62 kB
- postgresql-server-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
Size: 5.60 MB
- postgresql-server-devel-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
Size: 1.26 MB
- postgresql-static-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
Size: 189.59 kB
- postgresql-test-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
Size: 2.03 MB
- postgresql-test-rpm-macros-13.16-1.module+el8+1801+7e07b1dc.noarch.rpm
Size: 52.87 kB
- postgresql-upgrade-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
Size: 4.39 MB
- postgresql-upgrade-devel-13.16-1.module+el8+1801+7e07b1dc.x86_64.rpm
Size: 1.17 MB