postgresql:12 security update

エラータID: AXSA:2024-8743:01

リリース日: 
2024/09/02 Monday - 17:44
題名: 
postgresql:12 security update
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- PostgredSQL の pg_dump コマンドには、Time-of-check
Time-of-use (TOCTOU) レースコンディンションに起因して
ビューまたは外部テーブルを持つ別のリレーションタイプ
に置換できてしまう問題があるため、リモートの攻撃者に
より、任意の SQL 関数の実行を可能とする脆弱性が存在
します。(CVE-2024-7348)

Modularity name: postgresql
Stream name: 12

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. pgaudit-1.4.0-7.module+el8+1800+cecf62f6.ML.1.src.rpm
    MD5: 16088a409e0d043e9103ff1440d45962
    SHA-256: 7a2f5911b4c2878937e6def2f4a81018a1ab258c25dd4f5a6d06770565a82b14
    Size: 42.40 kB
  2. pg_repack-1.4.6-3.module+el8+1800+cecf62f6.src.rpm
    MD5: 355ccef327069dc1b41cf3c1e87a0859
    SHA-256: fdc7f3aa86fc2b1b10706d6087943791917da04122682813b0a48eaf9eac35e8
    Size: 100.99 kB
  3. postgres-decoderbufs-0.10.0-2.module+el8+1800+cecf62f6.src.rpm
    MD5: 9f0625864c0185cdb0fd093ac64bcb94
    SHA-256: 88bffa48c771a3f5f297fc75ac8af59ae2b1b99291e7d864640e564a237efebf
    Size: 21.13 kB
  4. postgresql-12.20-1.module+el8+1800+cecf62f6.src.rpm
    MD5: 03be77f20af88a4bfc02bc77360727c8
    SHA-256: c0745ca9ee4cf4f01ee69b5a630e04685f3f6c711ae4a59ce3300bdfb9272ac9
    Size: 46.64 MB

Asianux Server 8 for x86_64
  1. pgaudit-1.4.0-7.module+el8+1800+cecf62f6.ML.1.x86_64.rpm
    MD5: db9939964c20c84272a917f0ae0a6dc1
    SHA-256: 12ddf5f4504d06d9514415ae33c69f96e2ded90e7726dd6e16fc3e534425c3ec
    Size: 27.10 kB
  2. pgaudit-debugsource-1.4.0-7.module+el8+1800+cecf62f6.ML.1.x86_64.rpm
    MD5: 1e6b4de6d06711ab15b4561a197d19c7
    SHA-256: 7e184d318432c8971b7587e90f2efff30b801a202049481d91f1af546f194a9a
    Size: 23.04 kB
  3. pg_repack-1.4.6-3.module+el8+1800+cecf62f6.x86_64.rpm
    MD5: 5eee2468c6221e7d19d642f0174efcb9
    SHA-256: b384cda3d30ee80a0ac7d276075e020339e544d8cedc2545bbe365f665e69d77
    Size: 89.19 kB
  4. pg_repack-debugsource-1.4.6-3.module+el8+1800+cecf62f6.x86_64.rpm
    MD5: 702c158895ae8946bb97306de6038feb
    SHA-256: 855bad01b13275e00a07e0d156b70547c87ee3d3477db0df40efedfb47a7c429
    Size: 49.69 kB
  5. postgres-decoderbufs-0.10.0-2.module+el8+1800+cecf62f6.x86_64.rpm
    MD5: ae21a8ded150ac5b76b464cb240639f4
    SHA-256: f5e772269af9f3f727b9ca989f0270ca7808cf9b008d5da0f0f71211995887e7
    Size: 21.83 kB
  6. postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1800+cecf62f6.x86_64.rpm
    MD5: 139cc530d6564cc6f577c96f31502b95
    SHA-256: 9b524dc0c57946d8026c6ea825396214c79ee460989795f3419a7843951eaaca
    Size: 16.81 kB
  7. postgresql-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
    MD5: 5b0b64fd2d8040a8564a0718c409f475
    SHA-256: 5f974dc2cacbb8c4a68024cbedc0647aeb9517833e111bd81abcd609b0bd9000
    Size: 1.50 MB
  8. postgresql-contrib-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
    MD5: 3c96b04b981015bd2c9c6276df63c700
    SHA-256: 8813ccf997b8a657b8a71bcc54c2fa9a7f39b2d489d209d222685bb61ba91a5e
    Size: 873.75 kB
  9. postgresql-debugsource-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
    MD5: 98e87f0c08742b3eb345bb300ea1f03e
    SHA-256: a0f8573867822a9556a6da096310c614691e42b16b34e770da6d7fe58cffde12
    Size: 16.97 MB
  10. postgresql-docs-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
    MD5: f33a1f2c4c1a534f4569a6c0f90dfa30
    SHA-256: 04ca44987c82be9a1eb739a4c695b5065ea252ff473cacf0417a578bdfcc710f
    Size: 9.81 MB
  11. postgresql-plperl-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
    MD5: 78ef607184eedbc415bb9625e553d857
    SHA-256: 18a89b7b0208456abbb51b8770005b52956ee5c847ed756fa2bc79e8ddf9aa00
    Size: 109.62 kB
  12. postgresql-plpython3-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
    MD5: 54bf36590ed608862e2e82d1105eeea7
    SHA-256: c050031679e419b5ab0b42ce528ee1567e713ee4002348529e37b2207b06d5b9
    Size: 129.85 kB
  13. postgresql-pltcl-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
    MD5: fc0d9182d029205dec4da0f8afc4ec06
    SHA-256: 36b204ada0926e50306372f356ed86f303653cf55ef503df6033f66654d7fc98
    Size: 85.25 kB
  14. postgresql-server-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
    MD5: ee3dd705abd91b21910af73a82428873
    SHA-256: 4d20992373b6ac83d8ed30daba2f56676145906b6daa5024f6855763991c6932
    Size: 5.53 MB
  15. postgresql-server-devel-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
    MD5: aa3ffd3bec802bb14da9549d4e60f13e
    SHA-256: e3ad3d9aaf03d55655d9365b240837e2b3c0a9d362bb2be435945c14495132aa
    Size: 1.22 MB
  16. postgresql-static-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
    MD5: 2353489ea3c7163b578a386b501dedd5
    SHA-256: 2babc67fa7d89a60877b088c7db8a80e8823c014d13c4780c065ca0b6e8b4ff3
    Size: 167.27 kB
  17. postgresql-test-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
    MD5: 6f1b9641b775a37e0b0a5bcb2be68f16
    SHA-256: 323a6e4627b578a34be2e081225a557fd97239da059bc62d324172ac5890ca7f
    Size: 1.95 MB
  18. postgresql-test-rpm-macros-12.20-1.module+el8+1800+cecf62f6.noarch.rpm
    MD5: b044d5d4550680a556d4d92114e5c430
    SHA-256: 7cb8f85d0c19af8dd8f6b23dab03ca519a30015420f87e2105eeeb90bfc4ab29
    Size: 53.01 kB
  19. postgresql-upgrade-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
    MD5: bc27fedc474ec5124b39913d1985534d
    SHA-256: c9b7901d3667fd738c0902198bf78eacd6b2810a1d66c30fa933d235670f7f77
    Size: 4.07 MB
  20. postgresql-upgrade-devel-12.20-1.module+el8+1800+cecf62f6.x86_64.rpm
    MD5: 430a608a46f186c13c2539c94b8478bd
    SHA-256: dbf3cc5cf85bcefd2556c0877754dc296a4fbc0c40fc52d388d27cf8fb552981
    Size: 1.13 MB