postgresql-jdbc-9.2.1002-8.el7

Errata ID: AXSA:2020-252:01

Release date: Tuesday, August 4, 2020 - 05:22
Subject: postgresql-jdbc-9.2.1002-8.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: High
Description: 

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.

Security Fix(es):

* postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)

This update introduces a backwards incompatible change required to resolve this issue. Refer to the Asianux Knowledgebase article 5266441 linked to in the References section for information on how to re-enable the old insecure behavior.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-13692
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. postgresql-jdbc-9.2.1002-8.el7.src.rpm
    MD5: cfad0699c933736c53516f5cad2bc22c
    SHA-256: 70af03b5bb0abc21c6c203abe63a5f82bf0cfc98fddcec5d5899c212a6db9803
    Size: 675.71 kB

Asianux Server 7 for x86_64
  1. postgresql-jdbc-9.2.1002-8.el7.noarch.rpm
    MD5: 6ccd4bf37df778e791b75f00d675f37e
    SHA-256: 2d198b5609d1a7509ae43fdf7c03befce524b52654258c440cf394c7513b1b6b
    Size: 451.62 kB