postgresql-9.2.23-3.el7
Errata ID: AXSA:2017-2464:03
Release date:
2017/12/11 Monday - 12:00
Title:
postgresql-9.2.23-3.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- Several packager-authored startup script implementations for PostgreSQL use a log file name that a database superuser can replace with a symbolic link. When the server is started with root privileges, this lets the database superuser escalate to root and execute arbitrary code. (CVE-2017-12172)
- Privilege escalation flaws exist in the PostgreSQL initialization scripts; an attacker with access to the postgres user account can use them to obtain root access on the server machine. (CVE-2017-15097)
The translated text for some CVEs is quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2017-12172
PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.
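As an added illustration that is not part of this advisory or of any PostgreSQL package, the constructed Python script below contrasts the path-based open()/chmod()/chown() pattern described for CVE-2017-12172 with a hardened variant that opens the log with O_NOFOLLOW and applies mode and ownership through the descriptor. demo() plants a symlink named like the log file in a scratch directory (a constructed stand-in for the substitution the advisory describes) and runs both variants against it; the path names, the LOG_MODE value and the use of the current uid/gid (so it runs without root) are assumptions of this example.

```python
"""Path-based vs. descriptor-based handling of a log file opened by a privileged
startup script.

Constructed demonstration, not code from the advisory or from any PostgreSQL
package. prepare_log_unsafe() mirrors the pattern described for CVE-2017-12172
(open(), chmod() and chown() by *path*, all of which follow symlinks);
prepare_log_safe() opens with O_NOFOLLOW and applies mode and ownership through
the descriptor, so a symlink planted at the log path is refused instead of
followed. demo() runs both against a symlink in a temporary directory, using the
current uid/gid so it works without root.
"""
import errno
import os
import stat
import tempfile

LOG_MODE = 0o600  # assumed mode for the server log


def prepare_log_unsafe(log_path, uid, gid):
    """Vulnerable pattern: every call resolves log_path, so a symlink redirects
    the create/chmod/chown to whatever file the link points at.
    Returns the path that was actually modified."""
    fd = os.open(log_path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, LOG_MODE)
    os.close(fd)
    os.chmod(log_path, LOG_MODE)   # follows the symlink
    os.chown(log_path, uid, gid)   # follows the symlink
    return os.path.realpath(log_path)


def prepare_log_safe(log_path, uid, gid):
    """Hardened pattern: refuse to follow a symlink at the final component and
    operate only on the descriptor we actually opened. Returns the open fd.

    Caveat: O_NOFOLLOW protects only the last path component; the directory
    holding the log must itself not be writable by the untrusted account."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_APPEND | os.O_NOFOLLOW | os.O_CLOEXEC
    try:
        fd = os.open(log_path, flags, LOG_MODE)
    except OSError as exc:
        if exc.errno == errno.ELOOP:  # ELOOP is what O_NOFOLLOW reports for a symlink
            raise RuntimeError("refusing symlink at %s" % log_path) from exc
        raise
    try:
        st = os.fstat(fd)
        # A hard link to a privileged file is the other classic substitution.
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise RuntimeError("refusing non-regular or hard-linked file at %s" % log_path)
        os.fchmod(fd, LOG_MODE)   # acts on the opened inode, not on a path
        os.fchown(fd, uid, gid)
    except Exception:
        os.close(fd)
        raise
    return fd


def demo():
    """Plant a symlink named like the log file in a scratch directory and run
    both variants against it. Returns
    (unsafe_modified_target, target_mode_after_unsafe, safe_refused)."""
    uid, gid = os.getuid(), os.getgid()
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "target")          # stands in for a sensitive file
        with open(target, "w") as f:
            f.write("constructed sample content\n")
        os.chmod(target, 0o644)
        log_path = os.path.join(tmp, "server.log")
        os.symlink(target, log_path)                  # constructed substitution

        modified = prepare_log_unsafe(log_path, uid, gid)
        unsafe_modified_target = modified == os.path.realpath(target)
        target_mode_after = stat.S_IMODE(os.stat(target).st_mode)  # now 0o600

        try:
            fd = prepare_log_safe(log_path, uid, gid)
        except RuntimeError:
            safe_refused = True
        else:
            os.close(fd)
            safe_refused = False
    return unsafe_modified_target, target_mode_after, safe_refused


if __name__ == "__main__":
    print(demo())
```

The unsafe variant silently changes the mode of the link target; the safe variant fails closed. In a real startup script the same property is obtained by avoiding path-based chown/chmod as root altogether (for example by creating the log directory root-owned and non-writable by the service account, then dropping privileges before the log is opened), which is the direction the fixed packages take.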
CVE-2017-15097
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.
Additional information:
N/A
Downloads:
SRPMS
- postgresql-9.2.23-3.el7.src.rpm
MD5: 18ad3e7e9063d0ddd7dc3d565264c698
SHA-256: 864a60a78dcf8778e792659978ce97966b5335fb7dee9b8bb877fc3c0cd81035
Size: 35.93 MB
Asianux Server 7 for x86_64
- postgresql-9.2.23-3.el7.x86_64.rpm
MD5: 046cab22086a9fb8ffe7438c17bdafdd
SHA-256: d37877c8217f22947e1e903868310debf6f949a49b9053e5fa197178e2131382
Size: 3.03 MB
- postgresql-contrib-9.2.23-3.el7.x86_64.rpm
MD5: 98adecbcb49ab2f7e4b8ecf573c7b34e
SHA-256: 34028fe54b1c3bb5377473554dfca91019e22b6ed20794fd1b7d7bcc5fb2a0e6
Size: 551.14 kB
- postgresql-devel-9.2.23-3.el7.x86_64.rpm
MD5: 3139a758462366823f9b146b509f12a1
SHA-256: 6fcaf6ebae102a36f2dc264d3da86983ca8ee46d37038b8d661a875cdd1c5d63
Size: 950.81 kB
- postgresql-docs-9.2.23-3.el7.x86_64.rpm
MD5: 2f0adaea7177315a8bc7841320437a72
SHA-256: eb565f8ab64c1076f076ad1362609a2157d7c92373c2d1e8b7cf110a8cb2e1a1
Size: 6.86 MB
- postgresql-libs-9.2.23-3.el7.x86_64.rpm
MD5: 1604dc464b481477ef7b9af43d152072
SHA-256: 50b6cf38e9ca1d3f66a7fc6f20172f4a096b1541987b5353bc7ed197a82e51de
Size: 232.71 kB
- postgresql-plperl-9.2.23-3.el7.x86_64.rpm
MD5: 886226c34809f33aa8852f449aaf98e5
SHA-256: 0327e96dbe34bf7ff9778affbb708c78e232443041eee9efbf0a836e4324b1ed
Size: 82.26 kB
- postgresql-plpython-9.2.23-3.el7.x86_64.rpm
MD5: 0ed58dc0cddcd6fa755016df9ade3750
SHA-256: b1f23df038761f35b3b287dcb57e75ea324b27077cbcda10bb2fed081814bc80
Size: 95.20 kB
- postgresql-pltcl-9.2.23-3.el7.x86_64.rpm
MD5: 2573285708d3bc6ef12d1ce3a1319762
SHA-256: 5c1ac3c88f66d061217c6416cb2ee8b01e4b63a913a601891c0284fc5fea5076
Size: 58.48 kB
- postgresql-server-9.2.23-3.el7.x86_64.rpm
MD5: 56a1e25620fbd690d0b9eac92c1c9343
SHA-256: 51b173f573f5c207152f09e03feafa574ce2b77ad3de9e77b81da0715f7ceb0e
Size: 3.78 MB
- postgresql-test-9.2.23-3.el7.x86_64.rpm
MD5: d4e0f4aa5eafdb887ca1c6eeca8848f0
SHA-256: f6c1c3548542a758bb86e514a98a2b62edbf44d007bb0895264e94633f5f7932
Size: 1.76 MB
- postgresql-9.2.23-3.el7.i686.rpm
MD5: e306643b00f4fd1e6dda646c2c72c922
SHA-256: 39a485ff2fb540a35499230d9948834b561f24a433a74484f91e0c9c372d5da6
Size: 3.01 MB
- postgresql-devel-9.2.23-3.el7.i686.rpm
MD5: 752e1bcc8ec839a08faa069810979a5a
SHA-256: c081293ebc9ff6d4b9ebbcc890c80a90575af79e357f9fc6a1c027b233400cb8
Size: 944.80 kB
- postgresql-libs-9.2.23-3.el7.i686.rpm
MD5: 47da3f6715553d3f58b0da84e2820cb8
SHA-256: 0b2fff26016bb9408dbb17cd6409e2100f8223f0e4d723fb766cc1ed2171b257
Size: 232.32 kB