AXSA:2020-847:03

Release date: Monday, November 2, 2020 - 09:18
Subject: postgresql-jdbc-42.2.3-3.el8
Affected Channels: Asianux Server 8 for x86_64
Severity: High
Description: 

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.

Security Fix(es):

* postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-13692
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. postgresql-jdbc-42.2.3-3.el8.src.rpm
    MD5: f540f89e3563601cbddc8dffabee335e
    SHA-256: 3ff76b68132b861f83b570054289ebbb39a024152774c1d9e64a6545002469a5
    Size: 1.35 MB

Asianux Server 8 for x86_64
  1. postgresql-jdbc-42.2.3-3.el8.noarch.rpm
    MD5: 6c6060009c4118056fda336560ad4e73
    SHA-256: 714f208bfcc45678e87c9e72cc8500bbbebbd701d3e4f3600bf8218fcb93ec13
    Size: 708.61 kB
  2. postgresql-jdbc-javadoc-42.2.3-3.el8.noarch.rpm
    MD5: a242704a5114700cb78a627e4a645c9e
    SHA-256: a8830b85967d0b6535052c683cd346c6904e1c4d7a75ba8117fa869d65c3ea4f
    Size: 624.66 kB