postgresql-13.23-2.el9_7

エラータID: AXSA:2026-299:02

リリース日: 
2026/03/12 Thursday - 22:11
題名: 
postgresql-13.23-2.el9_7
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
* postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
* postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2005
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2006
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

解決策: 

Update packages.

CVE: 
CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2005
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2006
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. postgresql-13.23-2.el9_7.src.rpm
    MD5: 651c9ff1ac31835c3700f132b080b84b
    SHA-256: b04d5de2c57ad2d7b1913d6b47dd0966efd2e7bce58c8975f13cfdcf375345cb
    Size: 48.96 MB

Asianux Server 9 for x86_64
  1. postgresql-13.23-2.el9_7.x86_64.rpm
    MD5: d69aa87ebf36142bc2058ac796de246f
    SHA-256: cba300d7d0fd8845b82a69a1a3d8abae747e68fadb5faaac6f46894fd094c017
    Size: 1.62 MB
  2. postgresql-contrib-13.23-2.el9_7.x86_64.rpm
    MD5: 733a59d76261bc53794fd38603a6c686
    SHA-256: cd27de86c5629a2ffa16a62cf0b55f07cbb4abfa1129d336bf80fd2df5c83f0c
    Size: 885.79 kB
  3. postgresql-docs-13.23-2.el9_7.x86_64.rpm
    MD5: 63b78b9c62d205b4099a2e0eb23450ef
    SHA-256: d37cd445b928d7399e5bfd4701d2d6255c1a26abfb2eaffa7bb742399125b6ff
    Size: 9.66 MB
  4. postgresql-plperl-13.23-2.el9_7.x86_64.rpm
    MD5: ced663c05132f622f50f42c63cc13bf9
    SHA-256: 09fe37ed4a1c64740f996943a7ea0f696c4f50a3a64ae83424003d87fc34b2b4
    Size: 74.45 kB
  5. postgresql-plpython3-13.23-2.el9_7.x86_64.rpm
    MD5: 360f97f8debb4197bfe42efb67dc5d03
    SHA-256: c40ea5f525cc4bd1efd2cf81f6ced8914445443a0abde3e96e49c926b91fc5f7
    Size: 93.72 kB
  6. postgresql-pltcl-13.23-2.el9_7.x86_64.rpm
    MD5: 3632b470fb3a9abb216174d92798a5f7
    SHA-256: 8f9e13e83d31ea4a41fc86b9ddd372a0e68fdf3cf685c00d956f104bec5c2bbb
    Size: 48.62 kB
  7. postgresql-private-devel-13.23-2.el9_7.x86_64.rpm
    MD5: 04414c7f6584b27fef74e655e48f56c7
    SHA-256: 7382661354e9dd7579ff29af41459b99932c2f07af011147b8eee52b96bc3443
    Size: 63.36 kB
  8. postgresql-private-libs-13.23-2.el9_7.x86_64.rpm
    MD5: e985bae8670b9b3a617b809f07bd67dd
    SHA-256: 4135a6d51cd25a5fa3979bbad8307b14b5a75e60d961203a09ff5bd3921467ae
    Size: 137.74 kB
  9. postgresql-server-13.23-2.el9_7.x86_64.rpm
    MD5: 3a13f024ba29ee506e70076206e8bf54
    SHA-256: 3b23006c6ea98c0146498947fb352ecd786f527655b3e91756f96bc7163ec3ac
    Size: 5.76 MB
  10. postgresql-server-devel-13.23-2.el9_7.x86_64.rpm
    MD5: 7376cedf1c80b25cce98faef68a63334
    SHA-256: ffef8e360398e3a396e10ef5ae3eb48fad7dcd32e86f4dda82e901f79fdcd682
    Size: 1.31 MB
  11. postgresql-static-13.23-2.el9_7.x86_64.rpm
    MD5: ceb6c4b0d44794461514c6e0b206dc42
    SHA-256: 48edbfac2dcf456cbafccfb51b82cece42014e4fdb15e83366cbe1481f6f12c2
    Size: 125.56 kB
  12. postgresql-test-13.23-2.el9_7.x86_64.rpm
    MD5: c0af62c3f513976945c4c0c31cc71c1b
    SHA-256: 6ee4c0f0071d3a92bb270bcb4b54617e20da4cbf264b59586983f795cfd7c394
    Size: 1.54 MB
  13. postgresql-test-rpm-macros-13.23-2.el9_7.noarch.rpm
    MD5: 7ece2fbaf228d31a86823889e882da16
    SHA-256: 484a148b7818b17f644526d770c241bddbdab3243e529947ff39393d3e521677
    Size: 9.38 kB
  14. postgresql-upgrade-13.23-2.el9_7.x86_64.rpm
    MD5: dcbed9c95f163b5e7b65eadec3140000
    SHA-256: cd4c1ff517b9f17dbaae313a648b19ca0668948efd741303da6ee191afa362c7
    Size: 4.60 MB
  15. postgresql-upgrade-devel-13.23-2.el9_7.x86_64.rpm
    MD5: 06d8bfa103c8f63d0da77636363baf16
    SHA-256: a9b98b597087efbef91dc1f54beefb56ac56f104ed4e7a299ba6ca6169b05a56
    Size: 1.20 MB