rh-postgresql10-postgresql-10.12-2.el7

エラータID: AXSA:2020-4528:01

Release date: 
Thursday, March 26, 2020 - 12:54
Subject: 
rh-postgresql10-postgresql-10.12-2.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: rh-postgresql10-postgresql (10.12).

Security Fix(es):

* PostgreSQL: stack-based buffer overflow via setting a password (CVE-2019-10164)

* PostgreSQL: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-10164
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
CVE-2020-1720
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.

Solution: 

Update packages.

CVEs: 
CVE-2019-10164
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
CVE-2020-1720

Additional Info: 

N/A

Download: 

SRPMS
  1. rh-postgresql10-postgresql-10.12-2.el7.src.rpm
    MD5: 4421ca0a6c2688d90059b383a73251af
    SHA-256: 0b6e05ed1aeab1b35f774e2a8e9854a3bc7f4be3f99cde16316b7fabadeff44a
    Size: 25.30 MB

Asianux Server 7 for x86_64
  1. rh-postgresql10-postgresql-10.12-2.el7.x86_64.rpm
    MD5: d2eba0a187ffe019b5f1b512b523c07f
    SHA-256: e6e021d5c794723c4b26bae582bca7b75ca4b0623d685b3faceb1990d43d32a1
    Size: 1.45 MB
  2. rh-postgresql10-postgresql-contrib-10.12-2.el7.x86_64.rpm
    MD5: a89321b5600da3387e4a60499f293167
    SHA-256: 6808aa56a25674252f5fc0461d8cdca684cd27f6d9efb7f4628e46b3396d0020
    Size: 773.66 kB
  3. rh-postgresql10-postgresql-contrib-syspaths-10.12-2.el7.x86_64.rpm
    MD5: 2397e8812fe4c3f4091fd60828b5437a
    SHA-256: 3513206826354d6bfb0f105fbb0178fc79ea39102577b10a8381145bfee3e66b
    Size: 40.67 kB
  4. rh-postgresql10-postgresql-devel-10.12-2.el7.x86_64.rpm
    MD5: 81bd5f7c366357cd12d90091a7d807c1
    SHA-256: 0a7ff8208ab0f01b314f427b3c7d2e3ed3a50f9172ddcdd3f06e0b66794467db
    Size: 1.29 MB
  5. rh-postgresql10-postgresql-docs-10.12-2.el7.x86_64.rpm
    MD5: 75474f74dbf2d7721313ce7df4b09e45
    SHA-256: 6f401eaf7759425a6af8f5fc56b28fbd8e89b9a8bc413c7de446ed5368dec186
    Size: 8.92 MB
  6. rh-postgresql10-postgresql-libs-10.12-2.el7.x86_64.rpm
    MD5: 745224931e70ea69747fbc3f5a62cff0
    SHA-256: 7f696567160ee28df4a3af730f6a8dc3f97bdd60fa0fb00869ac5bd7cd9658dc
    Size: 290.30 kB
  7. rh-postgresql10-postgresql-plperl-10.12-2.el7.x86_64.rpm
    MD5: 3e67410c2eb52925502771f261c8c1a4
    SHA-256: deb7447c29a1819d50ba36a90a575ade3352ba9872ddfa51553ffb81b98bd2a8
    Size: 89.74 kB
  8. rh-postgresql10-postgresql-plpython-10.12-2.el7.x86_64.rpm
    MD5: c82977f144c906560be5f759fedb187c
    SHA-256: 72d873bd39b4c8306e36d9664207d5686e4889b26670dbbfdd02e7c879f79724
    Size: 112.16 kB
  9. rh-postgresql10-postgresql-pltcl-10.12-2.el7.x86_64.rpm
    MD5: 156fd1a20b2f94e041d159585c8ab1d0
    SHA-256: 70213af75960a04a0d9e53465afe0d1ae2011f7993db2ca4718fa21ed082ebe0
    Size: 68.37 kB
  10. rh-postgresql10-postgresql-server-10.12-2.el7.x86_64.rpm
    MD5: 138d49fc83ff9b37226357f8434ca4d1
    SHA-256: aa0942747091567c6f00af6ff511bcb32baa131c1b18f1525f64754d567809d4
    Size: 4.85 MB
  11. rh-postgresql10-postgresql-server-syspaths-10.12-2.el7.x86_64.rpm
    MD5: f4f837db75ca9052defc6d8df279c858
    SHA-256: e1c4ef0862104fa020882f85748c63485eca967f1eb4a5ad127176aba3bff2e3
    Size: 42.16 kB
  12. rh-postgresql10-postgresql-static-10.12-2.el7.x86_64.rpm
    MD5: a2a099db3a11fdf4a831d99a39621ef4
    SHA-256: 8cf607b7d237f75c8078439d5db9e256b5a688b51176555ae7de6c4a6c9976b3
    Size: 103.74 kB
  13. rh-postgresql10-postgresql-syspaths-10.12-2.el7.x86_64.rpm
    MD5: 218a0b702377a46717a657033146da1d
    SHA-256: bbc4a9eb2abb1393d786a3c49e86cf6cbd0e080066c0c8f49b3e57af84e66960
    Size: 41.98 kB
  14. rh-postgresql10-postgresql-test-10.12-2.el7.x86_64.rpm
    MD5: 3608b2f510fc83cc4d9fe35e632c8366
    SHA-256: 0c930e6619fa9d40631bf7821839efe5d870f8696f0b19d23241398cfdf0a49f
    Size: 1.64 MB