postgresql:13 security update
エラータID: AXSA:2024-9054:01
リリース日:
2024/12/09 Monday - 19:16
題名:
postgresql:13 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- PostgreSQL には、クエリを再利用する際における誤った
行のセキュリティポリシーを適用してしまう問題があるため、
リモートの攻撃者により、行単位のセキュリティポリシーを
持つテーブルに対する特定のクエリや SQL 関数の実行を
介して、不正なデータの読み取りや更新を可能とする脆弱性
が存在します。(CVE-2024-10976)
- PostgreSQL には、リモートの攻撃者により、SET ROLE、
SET SESSION AUTHORIZATION、または同等の機能の利用を
介して、意図しない行の表示および更新を可能とする脆弱性
が存在します。(CVE-2024-10978)
- PostgreSQL の PL/Perl には、環境変数の処理の欠陥に
起因して PATH などの環境変数の変更を許容してしまう問題
があるため、権限のないリモートの攻撃者により、任意の
コードの実行を可能とする脆弱性が存在します。
(CVE-2024-10979)
Modularity name: postgresql
Stream name: 13
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-10976
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
CVE-2024-10978
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
CVE-2024-10979
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
追加情報:
N/A
ダウンロード:
SRPMS
- pgaudit-1.5.0-1.module+el8+1828+fead0721.src.rpm
MD5: 1d1e2e2cda03c7b5454dc34fdf46dbd4
SHA-256: 9b22e0da917d1c0c1be3eedaaafc9a41fae1ecf814b889394f7aef0047186153
Size: 42.60 kB - pg_repack-1.4.6-3.module+el8+1828+fead0721.src.rpm
MD5: e9bc18c38be124d093e044a18e1e9c5a
SHA-256: 08713830bdef6e264f115dca4098e5472f8abc286672ecbe9b0599ac98bcc50b
Size: 100.99 kB - postgres-decoderbufs-0.10.0-2.module+el8+1828+fead0721.src.rpm
MD5: 773c954e2bf24f5365437077dbf8eda8
SHA-256: f75a2eaa27488b2b953e44afcf8ee4dc5b8b3301dff8e9284f2d1a73c7108886
Size: 21.13 kB - postgresql-13.18-1.module+el8+1828+fead0721.src.rpm
MD5: 97d0856f5f8643c158a64163002bcbdb
SHA-256: e95e79f006945a0137bb1ee776d9c18461884418db8d8a914c69e1fda22aaefa
Size: 48.82 MB
Asianux Server 8 for x86_64
- pgaudit-1.5.0-1.module+el8+1828+fead0721.x86_64.rpm
MD5: d7277340274fca211ef23cb29a7c4de0
SHA-256: 87ade9bebad3e7ba9624ceb1b4b0823c67836e046c3658364fb3aeab61b98328
Size: 27.03 kB - pgaudit-debugsource-1.5.0-1.module+el8+1828+fead0721.x86_64.rpm
MD5: c31d5fa4349c10274d14a45c52f1c87f
SHA-256: 87e14da99e5696a1dfdf76ae842717c433a36f96d14acd666bf0b699f187a2a2
Size: 22.80 kB - pg_repack-1.4.6-3.module+el8+1828+fead0721.x86_64.rpm
MD5: fbc339524ba7d7d9f92b0cd5210789ed
SHA-256: 6dda9e483596fbbbe08b9889c3883967d2c964a93f0c240bdac240c7ad73f2b7
Size: 89.55 kB - pg_repack-debugsource-1.4.6-3.module+el8+1828+fead0721.x86_64.rpm
MD5: 024ac8955137403b7cd703233e6add8c
SHA-256: 04cbdba4cfa1821d542fd9e029c2bd97572426f9cc76ace342646d526840ab46
Size: 49.69 kB - postgres-decoderbufs-0.10.0-2.module+el8+1828+fead0721.x86_64.rpm
MD5: a962927949b29f680a0d9d7920755e0a
SHA-256: 4f0e65162d4470dbb46775c5fed0d53e2eb17fe3458b53059fa72b8b94e318d7
Size: 21.90 kB - postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1828+fead0721.x86_64.rpm
MD5: ba7e79a8f9232ddae81202c02758aede
SHA-256: 5cbf99e7f0963b14c514effcdfc6f21fe59c2dd320770927f7833188b0c6db81
Size: 16.81 kB - postgresql-13.18-1.module+el8+1828+fead0721.x86_64.rpm
MD5: fa570fe7c1be51fa69caa4199cfdcd90
SHA-256: 12df40fb321249d857ff79cb6b01a925648e0ffe23d5d11b40e8fa22c13b4fec
Size: 1.54 MB - postgresql-contrib-13.18-1.module+el8+1828+fead0721.x86_64.rpm
MD5: 0acfa71ab94555143e59fee8e647ac76
SHA-256: b947e51880aed7a0d9d36c1a4be23685bfa75b65b09d3ca41b72f82046e24994
Size: 882.71 kB - postgresql-debugsource-13.18-1.module+el8+1828+fead0721.x86_64.rpm
MD5: 90678b6849875fae0bce4ecd34431ecd
SHA-256: 0e5e230e34f41b372ac4898e15cc9feb14c0dbce1e5f9883ee4647ff3d3ac310
Size: 17.86 MB - postgresql-docs-13.18-1.module+el8+1828+fead0721.x86_64.rpm
MD5: 8312c23f7aa23ecac30eee4fa0b5ecc9
SHA-256: 55df3a0df072ce3d0d3a54bde78d94d45f21a2067c09664b207be42a6970c5d4
Size: 9.89 MB - postgresql-plperl-13.18-1.module+el8+1828+fead0721.x86_64.rpm
MD5: 70ab2403918c2b15c83bad20fae8c62a
SHA-256: 4d0058da4dfb4a877a4f915296f81984d33639d5eebe670e4535476a417e9d10
Size: 112.87 kB - postgresql-plpython3-13.18-1.module+el8+1828+fead0721.x86_64.rpm
MD5: dfc3a4bd9727da42a837a59eb7f99f2f
SHA-256: 528c2f45c2ff3d10ede23b05b8269b31b5d4492eba8196d70d18e1c06db0c75f
Size: 129.17 kB - postgresql-pltcl-13.18-1.module+el8+1828+fead0721.x86_64.rpm
MD5: a337b6b36af9da18e3b1b5e24b6e0179
SHA-256: f99daf4fc47cb495f626793dd00263c2cbe5c82a243e260991232264cfe6b1ba
Size: 85.65 kB - postgresql-server-13.18-1.module+el8+1828+fead0721.x86_64.rpm
MD5: 079ad3aeb892b37204d12b5224311fbe
SHA-256: 0eef395911e8e8d095330b7add4cd7eeeb84f81ee75406ba252ddb538e7308ea
Size: 5.60 MB - postgresql-server-devel-13.18-1.module+el8+1828+fead0721.x86_64.rpm
MD5: 6bcf4d5b63cd8847d4b41b4ddb61759b
SHA-256: 524ffdfc365ac7d21c1c3a8b71ee3d5712b846e88173eb4c588ed1dba843ac67
Size: 1.26 MB - postgresql-static-13.18-1.module+el8+1828+fead0721.x86_64.rpm
MD5: 3ffff5754cc2287d53c5ecef487a0ffb
SHA-256: 337f31d763a59f28aa8faf10f6f188d42b8a0ac8be1a59e190900365ae59e0df
Size: 189.72 kB - postgresql-test-13.18-1.module+el8+1828+fead0721.x86_64.rpm
MD5: f4ca29d23b8120fb647f0a951d525c12
SHA-256: 364b28e42fede3a8fdd2ac045fc11b0c9720afe6f5f81e2714a7aff1434fd702
Size: 2.04 MB - postgresql-test-rpm-macros-13.18-1.module+el8+1828+fead0721.noarch.rpm
MD5: 52be9fd0ccde32db62191e10ecc09777
SHA-256: 68d30049266118de1b08853c84d66e6e8d30daf6396d552e4cdc1187806d4d4c
Size: 52.99 kB - postgresql-upgrade-13.18-1.module+el8+1828+fead0721.x86_64.rpm
MD5: b94a3edf2aa16e5e239e253d7a972f9c
SHA-256: 8519816a1fe0c0f000ac861f3380bf47e7fa677025be4e798339939577ca4f8b
Size: 4.39 MB - postgresql-upgrade-devel-13.18-1.module+el8+1828+fead0721.x86_64.rpm
MD5: 3d06d9479145102459251c84b82b54cc
SHA-256: 6c691efb49f59a3d30b89fe0e7bb2d7150fa4b8a8e24c274456655f449df8cc4
Size: 1.18 MB
English