postgresql-jdbc-8.4.704-4.AXS4

Errata ID: AXSA:2020-253:02

Release date: 
Tuesday, August 4, 2020 - 05:26
Subject: 
postgresql-jdbc-8.4.704-4.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.

Security Fix(es):

* postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)

This update introduces a backwards incompatible change required to resolve this issue. Refer to the Asianux Knowledgebase article 5266441 linked to in the References section for information on how to re-enable the old insecure behavior.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-13692
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. postgresql-jdbc-8.4.704-4.AXS4.src.rpm
    MD5: 1930e4866505b339cba5bc4cdac7f652
    SHA-256: 544a0c8642fd9eeba333649693571c2530df8d607e82b8d6f9064077b75eed08
    Size: 607.50 kB

Asianux Server 4 for x86
  1. postgresql-jdbc-8.4.704-4.AXS4.noarch.rpm
    MD5: 31b5341ec71d9995645ad6e19b255c41
    SHA-256: 7d02029709d1f46b87269c615af811457a40b804286071110faffb59c7e07a2a
    Size: 408.85 kB

Asianux Server 4 for x86_64
  1. postgresql-jdbc-8.4.704-4.AXS4.noarch.rpm
    MD5: 2727f4a2a318ac46605bc3b84fe5c0a2
    SHA-256: dfe915094e983a4aed4799f7538178bcf828e8a42027407b56c30540fa6e5fd0
    Size: 408.39 kB