postgresql:12 security update
エラータID: AXSA:2026-303:01
リリース日:
2026/03/13 Friday - 18:35
題名:
postgresql:12 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- PostgreSQL の intarray 拡張機能には、入力されたデータの型の
検証処理が不足しているため、リモートの攻撃者により、PostgreSQL
プロセスの実行権限による任意のコードの実行を可能とする脆弱性が
存在します。(CVE-2026-2004)
- PostgreSQL の pgcrypto コンポーネントには、ヒープ領域の
バッファオーバーフローの問題があるため、リモートの攻撃者により、
PostgreSQL プロセスの実行権限による任意のコードの実行を可能とする
脆弱性が存在します。(CVE-2026-2005)
- PostgreSQL のテキストデータの処理には、マルチバイト文字長の
チェック処理が欠落していることに起因したバッファーオーバーランの
問題があるため、リモートの攻撃者により、細工されたクエリの処理を
介して、任意のコードの実行を可能とする脆弱性が存在します。
(CVE-2026-2006)
Modularity name: postgresql
Stream name: 12
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2005
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2006
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
追加情報:
N/A
ダウンロード:
SRPMS
- pgaudit-1.4.0-7.module+el8+1960+495d3271.ML.1.src.rpm
MD5: c2a54bcefe78c07632a1379fa0ce45ae
SHA-256: fe3bfb01a5fd3198bef9f0c7549df7693bc71c4a30b69a60b9fe25fa5d1822bf
Size: 42.40 kB - pg_repack-1.4.6-3.module+el8+1960+495d3271.src.rpm
MD5: 47b49ee02d80f24da28e0bf1e28728a9
SHA-256: 713d593d772330025039477d30e668f3fff9f780bc6ddc564ede1c91dd559963
Size: 100.99 kB - postgres-decoderbufs-0.10.0-2.module+el8+1960+495d3271.src.rpm
MD5: bac3bdc526c7d28488e5b8ed0d3d4b34
SHA-256: 7f6a5f94708522bcabe3e30f4897cb3fc4418b8726de3c94731a719ef9d88120
Size: 21.13 kB - postgresql-12.22-6.module+el8+1960+495d3271.src.rpm
MD5: 7d409ff955435bc48fcea8cf4b2c2173
SHA-256: 74d776f3ace9bab3397cd9515e45e5178cfcc3630e2952a2186053d5616ca997
Size: 46.79 MB
Asianux Server 8 for x86_64
- pgaudit-1.4.0-7.module+el8+1960+495d3271.ML.1.x86_64.rpm
MD5: befad7d25126d892c566613ef4e62ba9
SHA-256: cd0f111acb40df055366e9c29a4485674af798adba0e6850696909954b188e75
Size: 27.10 kB - pgaudit-debugsource-1.4.0-7.module+el8+1960+495d3271.ML.1.x86_64.rpm
MD5: 0f0a62b00742499ab6f2f7f5d427a906
SHA-256: f55c592d53f546d2158cd9ba5c803ed943b13cb9c306bbf165274b980ee1f75e
Size: 23.04 kB - pg_repack-1.4.6-3.module+el8+1960+495d3271.x86_64.rpm
MD5: 02ef0b179d928f62cc98228dfe7e00dc
SHA-256: 1276dc24542b302fac21261e2bc9458782e9168db9e0541a185c1b2df9d44f12
Size: 89.17 kB - pg_repack-debugsource-1.4.6-3.module+el8+1960+495d3271.x86_64.rpm
MD5: b785e044e866c7ac7a4ce1a1244695ea
SHA-256: b88546ca8f9ab7c300d0d75cf394f856d65b94cee42111a95dc762b35173d421
Size: 49.69 kB - postgres-decoderbufs-0.10.0-2.module+el8+1960+495d3271.x86_64.rpm
MD5: 0f7a1b7b78fafdd986b8f0c30fe4cda6
SHA-256: 227060eec309600270021097f41593abadefdd9f88932c61996694368f2cdde9
Size: 21.84 kB - postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1960+495d3271.x86_64.rpm
MD5: 09d44495351d43ae8f4aa14c22c063b3
SHA-256: 03d251448fe65711fd5038fce626b707f75b14d60566aae923cf32cb112566c9
Size: 16.81 kB - postgresql-12.22-6.module+el8+1960+495d3271.x86_64.rpm
MD5: 84b10858b34aa81095a7fe3f6e4e2856
SHA-256: 4277c9b2376962ca782fc105bbb086518e6b8ad6eb30e41140111ba61a75567c
Size: 1.52 MB - postgresql-contrib-12.22-6.module+el8+1960+495d3271.x86_64.rpm
MD5: fa2b586e2e897df8c5b642ac6668cf45
SHA-256: b0f9f7bc9a102496ea42e04c19877e34d64990199b4475de93ba5b070004b6dc
Size: 875.23 kB - postgresql-debugsource-12.22-6.module+el8+1960+495d3271.x86_64.rpm
MD5: bf13ab1f2405d5c47ad0806765ed199d
SHA-256: dceda97eb520cb2c2d849adbfdb56c915f94f90001347e151683e6c3f1fbfe9f
Size: 17.00 MB - postgresql-docs-12.22-6.module+el8+1960+495d3271.x86_64.rpm
MD5: b725c714ee72c0e0dc944bf213d4d18e
SHA-256: 5a782279df6cd7f6579e6d3b1a1cc532be08151aaa4fcd509b514f8e9b975b39
Size: 9.85 MB - postgresql-plperl-12.22-6.module+el8+1960+495d3271.x86_64.rpm
MD5: 5acc809bee63f6fd50b2cdca47370aae
SHA-256: 17173e3239bd1864497951dd66e1f5c2079959a5ffbe2350678e4af13c123820
Size: 110.24 kB - postgresql-plpython3-12.22-6.module+el8+1960+495d3271.x86_64.rpm
MD5: 90ddff2c8d473cab38f09dc19436fb00
SHA-256: 6616e5f01620f837f064b8dff3688182312cc636c593ba72aaf584e5e5f8515e
Size: 130.33 kB - postgresql-pltcl-12.22-6.module+el8+1960+495d3271.x86_64.rpm
MD5: ae80bb8a40fb0e20754df180a6dbae31
SHA-256: 50181107dc39f0cdf8028baa04827de537fd4991700d3646bf61496431c1db45
Size: 85.83 kB - postgresql-server-12.22-6.module+el8+1960+495d3271.x86_64.rpm
MD5: 7c0df31eff1dda791c3677b5d7a4dbb3
SHA-256: 49a7559dd5eb8f456892e69aae9c9a98cd4874cdf54ff30f12fc8244a7c0c17f
Size: 5.56 MB - postgresql-server-devel-12.22-6.module+el8+1960+495d3271.x86_64.rpm
MD5: e3c533768fe758ef3ed4f1ec32d256b9
SHA-256: 63e6b1186080aad4457e215c861f563a8b55350438dc41a9fd0beb20c41aac70
Size: 1.23 MB - postgresql-static-12.22-6.module+el8+1960+495d3271.x86_64.rpm
MD5: f42a216be32c1dcdb746cbbaa0910510
SHA-256: b701e6e5ec6bfe5ac127816070d7e6096aa96432ccd5d44e22da2c83c46c4c16
Size: 175.50 kB - postgresql-test-12.22-6.module+el8+1960+495d3271.x86_64.rpm
MD5: f80670e608aeb77ae3e19c571b2af4aa
SHA-256: f71fa17d2ee60bae72737e0054e76f8659756366c4e79c4f6f6688b8fc058076
Size: 1.97 MB - postgresql-test-rpm-macros-12.22-6.module+el8+1960+495d3271.noarch.rpm
MD5: 94ea8801984b76d86e805539f6a6560d
SHA-256: 7eb1abbf48b7977460759d2fcc49b31a43c1b71946315683fd33847f480132fa
Size: 53.50 kB - postgresql-upgrade-12.22-6.module+el8+1960+495d3271.x86_64.rpm
MD5: 5a24f0998b374e9b576646ab3a42f921
SHA-256: 203b394589f8262010e434c6bd61906e3cb21f06fde2ecc787e5c4af210eae59
Size: 4.07 MB - postgresql-upgrade-devel-12.22-6.module+el8+1960+495d3271.x86_64.rpm
MD5: 8dab01ac3928786d89918b5ce6838262
SHA-256: 60a617b83946ec3febea8a81b767b0fa8e61625051148734f603933b71f0e77e
Size: 1.13 MB
English