Уязвимость CVE-2023-5870: Информация

Описание

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.

Важность: MEDIUM (4,4) Вектор: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-5870

Опубликовано: 10 декабря 2023 г.

Изменено: 25 января 2024 г.

Исправленные пакеты

Имя пакета	Ветка	Исправлено в версии	Версия в репозитории	Errata ID	№ Задания	Состояние
postgresql11	p10	11.22-alt0.p10.1	11.22-alt0.p10.1	ALT-PU-2023-7086-4	333972	Исправлено
postgresql11	p10_e2k	11.22-alt0.p10.1	11.22-alt0.p10.1	ALT-PU-2023-7587-1	-	Исправлено
postgresql11	p9	11.22-alt0.M90P.1	11.22-alt0.M90P.1	ALT-PU-2023-7481-2	333985	Исправлено
postgresql11	c10f1	11.22-alt0.p10.1	11.22-alt0.p10.1	ALT-PU-2023-8223-2	336885	Исправлено
postgresql11	c9f2	11.22-alt0.M90P.1	11.22-alt0.M90P.1	ALT-PU-2023-7083-2	333990	Исправлено
postgresql12	sisyphus	12.17-alt1	12.18-alt1	ALT-PU-2023-7059-1	333881	Исправлено
postgresql12	sisyphus_e2k	12.17-alt1	12.18-alt1	ALT-PU-2023-7146-1	-	Исправлено
postgresql12	sisyphus_riscv64	12.17-alt2	12.18-alt1	ALT-PU-2023-7198-1	-	Исправлено
postgresql12	p10	12.17-alt0.p10.1	12.18-alt0.p10.1	ALT-PU-2023-7087-4	333972	Исправлено
postgresql12	p10_e2k	12.17-alt0.p10.1	12.18-alt0.p10.1	ALT-PU-2023-7588-1	-	Исправлено
postgresql12	p9	12.17-alt0.M90P.1	12.18-alt0.M90P.1	ALT-PU-2023-7480-2	333985	Исправлено
postgresql12	c10f1	12.17-alt0.p10.1	12.18-alt0.p10.1	ALT-PU-2023-8221-2	336885	Исправлено
postgresql12	c9f2	12.17-alt0.M90P.1	12.18-alt0.c9f2.1	ALT-PU-2023-7082-2	333990	Исправлено
postgresql12-1C	p9	12.17-alt0.M90P.1	12.17-alt0.M90P.2	ALT-PU-2023-7479-2	333985	Исправлено
postgresql12-1C	c9f2	12.17-alt0.M90P.1	12.17-alt0.c9f2.2	ALT-PU-2023-7081-2	333990	Исправлено
postgresql13	sisyphus	13.13-alt1	13.14-alt1	ALT-PU-2023-7057-1	333881	Исправлено
postgresql13	sisyphus_e2k	13.13-alt1	13.14-alt1	ALT-PU-2023-7147-1	-	Исправлено
postgresql13	sisyphus_riscv64	13.13-alt2	13.14-alt1	ALT-PU-2023-7173-1	-	Исправлено
postgresql13	p10	13.13-alt0.p10.1	13.14-alt0.p10.1	ALT-PU-2023-7088-4	333972	Исправлено
postgresql13	p10_e2k	13.13-alt0.p10.1	13.14-alt0.p10.1	ALT-PU-2023-7589-1	-	Исправлено
postgresql13	c10f1	13.13-alt0.p10.1	13.14-alt0.p10.1	ALT-PU-2023-8224-2	336885	Исправлено
postgresql14	sisyphus	14.10-alt1	14.11-alt1	ALT-PU-2023-7062-1	333881	Исправлено
postgresql14	sisyphus_e2k	14.10-alt1	14.11-alt1	ALT-PU-2023-7148-1	-	Исправлено
postgresql14	sisyphus_riscv64	14.10-alt2	14.11-alt1	ALT-PU-2023-7174-1	-	Исправлено
postgresql14	p10	14.10-alt0.p10.1	14.11-alt0.p10.1	ALT-PU-2023-7089-4	333972	Исправлено
postgresql14	p10_e2k	14.10-alt0.p10.1	14.11-alt0.p10.1	ALT-PU-2023-7590-1	-	Исправлено
postgresql14	c10f1	14.10-alt0.p10.1	14.11-alt0.p10.1	ALT-PU-2023-8225-2	336885	Исправлено
postgresql15	sisyphus	15.5-alt1	15.6-alt1	ALT-PU-2023-7060-1	333881	Исправлено
postgresql15	sisyphus_e2k	15.5-alt1	15.6-alt1	ALT-PU-2023-7149-1	-	Исправлено
postgresql15	sisyphus_riscv64	15.5-alt1	15.6-alt1	ALT-PU-2023-7763-1	-	Исправлено
postgresql15	p10	15.5-alt0.p10.1	15.6-alt0.p10.1	ALT-PU-2023-7090-4	333972	Исправлено
postgresql15	p10_e2k	15.5-alt0.p10.1	15.6-alt0.p10.1	ALT-PU-2023-7591-1	-	Исправлено
postgresql15	c10f1	15.5-alt0.c10.1	15.6-alt0.c10.1	ALT-PU-2023-8222-2	336885	Исправлено
postgresql15-1C	sisyphus	15.5-alt1	15.5-alt4	ALT-PU-2023-7058-1	333881	Исправлено
postgresql15-1C	sisyphus_e2k	15.5-alt1	15.5-alt4	ALT-PU-2023-7150-1	-	Исправлено
postgresql15-1C	sisyphus_riscv64	15.5-alt2	15.5-alt4	ALT-PU-2023-7167-1	-	Исправлено
postgresql15-1C	p10	15.5-alt0.p10.2	15.5-alt0.p10.3	ALT-PU-2023-7207-2	333972	Исправлено
postgresql15-1C	p10_e2k	15.5-alt0.p10.2	15.5-alt0.p10.3	ALT-PU-2023-7592-1	-	Исправлено
postgresql15-1C	c10f1	15.5-alt0.p10.2	15.5-alt0.p10.3	ALT-PU-2023-8226-2	336885	Исправлено
postgresql16	sisyphus	16.1-alt1	16.2-alt1	ALT-PU-2023-7061-1	333881	Исправлено
postgresql16	sisyphus_e2k	16.1-alt2	16.2-alt1	ALT-PU-2023-7145-1	-	Исправлено
postgresql16	sisyphus_riscv64	16.1-alt2	16.2-alt1	ALT-PU-2023-7196-1	-	Исправлено
postgresql16	p10	16.1-alt1	16.2-alt0.p10.1	ALT-PU-2023-7061-1	333881	Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка	Ресурс
RHSA-2023:7545	Third Party Advisory
RHSA-2023:7579	Third Party Advisory
RHSA-2023:7580	Third Party Advisory
RHSA-2023:7581	Third Party Advisory
RHSA-2023:7616	Third Party Advisory
RHSA-2023:7656	Third Party Advisory
RHSA-2023:7666	Third Party Advisory
RHSA-2023:7667	Third Party Advisory
RHSA-2023:7694	Third Party Advisory
RHSA-2023:7695	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-5870	Third Party Advisory
RHBZ#2247170	Issue Tracking
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/	Release Notes
https://www.postgresql.org/support/security/CVE-2023-5870/	Vendor Advisory
RHSA-2023:7714	Third Party Advisory
RHSA-2023:7770	Third Party Advisory
RHSA-2023:7772	Third Party Advisory
RHSA-2023:7784
RHSA-2023:7785
RHSA-2023:7883
RHSA-2023:7884
RHSA-2023:7885
RHSA-2024:0304
https://security.netapp.com/advisory/ntap-20240119-0003/
RHSA-2024:0332
RHSA-2024:0337

Подверженные конфигурации:
1. Конфигурация 1
  cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
  Start including
  15.0
  End excliding
  15.5
  cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
  Start including
  14.0
  End excliding
  14.10
  cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
  Start including
  13.0
  End excliding
  13.13
  cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
  Start including
  12.0
  End excliding
  12.17
  cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
  Start including
  11.0
  End excliding
  11.22
  
  Конфигурация 2
  cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*

Версия: v24.4.2

Наверх

Уязвимость CVE-2023-5870: Информация

Описание

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

Конфигурация 1

Конфигурация 2