postgresql-9.2.24-9.0.3.el7.AXS7

エラータID: AXSA:2025-9699:03

リリース日: 
2025/02/25 Tuesday - 14:38
題名: 
postgresql-9.2.24-9.0.3.el7.AXS7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- PostgredSQL の pg_dump コマンドには、Time-of-check
Time-of-use (TOCTOU) レースコンディンションに起因して
ビューまたは外部テーブルを持つ別のリレーションタイプに
置換できてしまう問題があるため、リモートの攻撃者により、
任意の SQL 関数の実行を可能とする脆弱性が存在します。
(CVE-2024-7348)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
追加情報: 

N/A

ダウンロード: 

Asianux Server 7 for x86_64
  1. postgresql-9.2.24-9.0.3.el7.AXS7.i686.rpm
    MD5: 20ad073ea4b530b6285305d79375bd5c
    SHA-256: f0749128051588fc412a776d06890a2ecdf7d5c96ecf5e9fb4033c16b06a70f5
    Size: 3.02 MB
  2. postgresql-9.2.24-9.0.3.el7.AXS7.x86_64.rpm
    MD5: a5d2408d2717d8db1361ce75533310c4
    SHA-256: c89453f244f12c2b14722fa7a560b364a68f2bcf8edf97ebdd8961ca995303cf
    Size: 3.03 MB
  3. postgresql-contrib-9.2.24-9.0.3.el7.AXS7.x86_64.rpm
    MD5: 7ca19cc505c9568d9190a6dc8fbe8860
    SHA-256: 2dbff2c6156c69e7205ebae23a9c904ea68ae608baaaab0ab65f948d80fa544a
    Size: 552.43 kB
  4. postgresql-devel-9.2.24-9.0.3.el7.AXS7.i686.rpm
    MD5: ff025827b7994fa56bc70f50696a1efe
    SHA-256: 39426f52bd751090828097d973e2d8400b18c692bc418cef5dd0f50f6783ed50
    Size: 956.03 kB
  5. postgresql-devel-9.2.24-9.0.3.el7.AXS7.x86_64.rpm
    MD5: 39de72b55bb4787748e20f28add2081f
    SHA-256: 92001d1cf5f78a8766c4f62a00a0e9e4182e6efc96228d08e74067f1ac3e48cb
    Size: 961.73 kB
  6. postgresql-docs-9.2.24-9.0.3.el7.AXS7.x86_64.rpm
    MD5: 0009d8f940fa5fc6d36514e39d92db28
    SHA-256: 56f468e1f89c1c49b3da4cdca442d8812c47e65b7f9ad47554d07f31cd9c4d10
    Size: 6.87 MB
  7. postgresql-libs-9.2.24-9.0.3.el7.AXS7.i686.rpm
    MD5: f44e9fc866e4dc0386e7fb6a8430854d
    SHA-256: eed47fada8feccf11869ddd4b12078e508d929246d9985d57b921f4c6169d1f3
    Size: 234.68 kB
  8. postgresql-libs-9.2.24-9.0.3.el7.AXS7.x86_64.rpm
    MD5: f2cf967f093df7a96ed1788168c71a09
    SHA-256: e648fe441b9295b87ab5a3a4552270403a7f886b9be3ef9d8f878bb3978f1b16
    Size: 234.48 kB
  9. postgresql-plperl-9.2.24-9.0.3.el7.AXS7.x86_64.rpm
    MD5: 92123d8795a6511435ca92b1888f1103
    SHA-256: 840beb9c857f448a3fd08fb728607ba093c8ca7d7900da2ab045d718e019001f
    Size: 83.88 kB
  10. postgresql-plpython-9.2.24-9.0.3.el7.AXS7.x86_64.rpm
    MD5: 02f582ce19fa53d5f2b6398762126590
    SHA-256: d9d683822f3d3fadadaa9ce3e40a049c2a011a8b4b834f1ba8822ca15652a9f7
    Size: 96.62 kB
  11. postgresql-pltcl-9.2.24-9.0.3.el7.AXS7.x86_64.rpm
    MD5: dbb379c4830a3176e320909e64b047d5
    SHA-256: e518134569ba9965c549e86396c5484644b2f59bc503fafe29f4e49be3e77685
    Size: 59.92 kB
  12. postgresql-server-9.2.24-9.0.3.el7.AXS7.x86_64.rpm
    MD5: b5f1295e204df5dad01e3590b5bb5be4
    SHA-256: 740d7f2b67b99e8c24a3cb742acc820a896c55cb2ef92a1dfbbfcdbf4ea3df25
    Size: 3.82 MB
  13. postgresql-test-9.2.24-9.0.3.el7.AXS7.x86_64.rpm
    MD5: 8d8ae48273dc9f4456de20036dc7e297
    SHA-256: e79552ac96aff3feefffb36653d264922bcd62c27d79cc9e1204b04140996803
    Size: 1.22 MB