[security - high] postgresql:12 security update, postgresql-12.22-6.module+el8+1960+495d3271

エラータID: AXSA:2026-303:01

リリース日: 
2026/03/13 Friday - 18:35
題名: 
[security - high] postgresql:12 security update, postgresql-12.22-6.module+el8+1960+495d3271
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
* postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
* postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2005
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2006
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Modularity name: "postgresql"
Stream name: "12"

解決策: 

Update packages.

CVE: 
CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2005
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2006
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. pgaudit-1.4.0-7.module+el8+1960+495d3271.ML.1.src.rpm
    MD5: c2a54bcefe78c07632a1379fa0ce45ae
    SHA-256: fe3bfb01a5fd3198bef9f0c7549df7693bc71c4a30b69a60b9fe25fa5d1822bf
    Size: 42.40 kB
  2. pg_repack-1.4.6-3.module+el8+1960+495d3271.src.rpm
    MD5: 47b49ee02d80f24da28e0bf1e28728a9
    SHA-256: 713d593d772330025039477d30e668f3fff9f780bc6ddc564ede1c91dd559963
    Size: 100.99 kB
  3. postgres-decoderbufs-0.10.0-2.module+el8+1960+495d3271.src.rpm
    MD5: bac3bdc526c7d28488e5b8ed0d3d4b34
    SHA-256: 7f6a5f94708522bcabe3e30f4897cb3fc4418b8726de3c94731a719ef9d88120
    Size: 21.13 kB
  4. postgresql-12.22-6.module+el8+1960+495d3271.src.rpm
    MD5: 7d409ff955435bc48fcea8cf4b2c2173
    SHA-256: 74d776f3ace9bab3397cd9515e45e5178cfcc3630e2952a2186053d5616ca997
    Size: 46.79 MB

Asianux Server 8 for x86_64
  1. pgaudit-1.4.0-7.module+el8+1960+495d3271.ML.1.x86_64.rpm
    MD5: befad7d25126d892c566613ef4e62ba9
    SHA-256: cd0f111acb40df055366e9c29a4485674af798adba0e6850696909954b188e75
    Size: 27.10 kB
  2. pgaudit-debugsource-1.4.0-7.module+el8+1960+495d3271.ML.1.x86_64.rpm
    MD5: 0f0a62b00742499ab6f2f7f5d427a906
    SHA-256: f55c592d53f546d2158cd9ba5c803ed943b13cb9c306bbf165274b980ee1f75e
    Size: 23.04 kB
  3. pg_repack-1.4.6-3.module+el8+1960+495d3271.x86_64.rpm
    MD5: 02ef0b179d928f62cc98228dfe7e00dc
    SHA-256: 1276dc24542b302fac21261e2bc9458782e9168db9e0541a185c1b2df9d44f12
    Size: 89.17 kB
  4. pg_repack-debugsource-1.4.6-3.module+el8+1960+495d3271.x86_64.rpm
    MD5: b785e044e866c7ac7a4ce1a1244695ea
    SHA-256: b88546ca8f9ab7c300d0d75cf394f856d65b94cee42111a95dc762b35173d421
    Size: 49.69 kB
  5. postgres-decoderbufs-0.10.0-2.module+el8+1960+495d3271.x86_64.rpm
    MD5: 0f7a1b7b78fafdd986b8f0c30fe4cda6
    SHA-256: 227060eec309600270021097f41593abadefdd9f88932c61996694368f2cdde9
    Size: 21.84 kB
  6. postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1960+495d3271.x86_64.rpm
    MD5: 09d44495351d43ae8f4aa14c22c063b3
    SHA-256: 03d251448fe65711fd5038fce626b707f75b14d60566aae923cf32cb112566c9
    Size: 16.81 kB
  7. postgresql-12.22-6.module+el8+1960+495d3271.x86_64.rpm
    MD5: 84b10858b34aa81095a7fe3f6e4e2856
    SHA-256: 4277c9b2376962ca782fc105bbb086518e6b8ad6eb30e41140111ba61a75567c
    Size: 1.52 MB
  8. postgresql-contrib-12.22-6.module+el8+1960+495d3271.x86_64.rpm
    MD5: fa2b586e2e897df8c5b642ac6668cf45
    SHA-256: b0f9f7bc9a102496ea42e04c19877e34d64990199b4475de93ba5b070004b6dc
    Size: 875.23 kB
  9. postgresql-debugsource-12.22-6.module+el8+1960+495d3271.x86_64.rpm
    MD5: bf13ab1f2405d5c47ad0806765ed199d
    SHA-256: dceda97eb520cb2c2d849adbfdb56c915f94f90001347e151683e6c3f1fbfe9f
    Size: 17.00 MB
  10. postgresql-docs-12.22-6.module+el8+1960+495d3271.x86_64.rpm
    MD5: b725c714ee72c0e0dc944bf213d4d18e
    SHA-256: 5a782279df6cd7f6579e6d3b1a1cc532be08151aaa4fcd509b514f8e9b975b39
    Size: 9.85 MB
  11. postgresql-plperl-12.22-6.module+el8+1960+495d3271.x86_64.rpm
    MD5: 5acc809bee63f6fd50b2cdca47370aae
    SHA-256: 17173e3239bd1864497951dd66e1f5c2079959a5ffbe2350678e4af13c123820
    Size: 110.24 kB
  12. postgresql-plpython3-12.22-6.module+el8+1960+495d3271.x86_64.rpm
    MD5: 90ddff2c8d473cab38f09dc19436fb00
    SHA-256: 6616e5f01620f837f064b8dff3688182312cc636c593ba72aaf584e5e5f8515e
    Size: 130.33 kB
  13. postgresql-pltcl-12.22-6.module+el8+1960+495d3271.x86_64.rpm
    MD5: ae80bb8a40fb0e20754df180a6dbae31
    SHA-256: 50181107dc39f0cdf8028baa04827de537fd4991700d3646bf61496431c1db45
    Size: 85.83 kB
  14. postgresql-server-12.22-6.module+el8+1960+495d3271.x86_64.rpm
    MD5: 7c0df31eff1dda791c3677b5d7a4dbb3
    SHA-256: 49a7559dd5eb8f456892e69aae9c9a98cd4874cdf54ff30f12fc8244a7c0c17f
    Size: 5.56 MB
  15. postgresql-server-devel-12.22-6.module+el8+1960+495d3271.x86_64.rpm
    MD5: e3c533768fe758ef3ed4f1ec32d256b9
    SHA-256: 63e6b1186080aad4457e215c861f563a8b55350438dc41a9fd0beb20c41aac70
    Size: 1.23 MB
  16. postgresql-static-12.22-6.module+el8+1960+495d3271.x86_64.rpm
    MD5: f42a216be32c1dcdb746cbbaa0910510
    SHA-256: b701e6e5ec6bfe5ac127816070d7e6096aa96432ccd5d44e22da2c83c46c4c16
    Size: 175.50 kB
  17. postgresql-test-12.22-6.module+el8+1960+495d3271.x86_64.rpm
    MD5: f80670e608aeb77ae3e19c571b2af4aa
    SHA-256: f71fa17d2ee60bae72737e0054e76f8659756366c4e79c4f6f6688b8fc058076
    Size: 1.97 MB
  18. postgresql-test-rpm-macros-12.22-6.module+el8+1960+495d3271.noarch.rpm
    MD5: 94ea8801984b76d86e805539f6a6560d
    SHA-256: 7eb1abbf48b7977460759d2fcc49b31a43c1b71946315683fd33847f480132fa
    Size: 53.50 kB
  19. postgresql-upgrade-12.22-6.module+el8+1960+495d3271.x86_64.rpm
    MD5: 5a24f0998b374e9b576646ab3a42f921
    SHA-256: 203b394589f8262010e434c6bd61906e3cb21f06fde2ecc787e5c4af210eae59
    Size: 4.07 MB
  20. postgresql-upgrade-devel-12.22-6.module+el8+1960+495d3271.x86_64.rpm
    MD5: 8dab01ac3928786d89918b5ce6838262
    SHA-256: 60a617b83946ec3febea8a81b767b0fa8e61625051148734f603933b71f0e77e
    Size: 1.13 MB