rh-postgresql10-postgresql-10.15-1.el7
Errata ID: AXSA:2020-963:02
PostgreSQL is an advanced object-relational database management system (DBMS).
The following packages have been upgraded to a later upstream version: rh-postgresql10-postgresql (10.15).
Security Fix(es):
* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)
* postgresql: Multiple features escape "security restricted operation" sandbox (CVE-2020-25695)
* postgresql: psql's \gset allows overwriting specially treated variables (CVE-2020-25696)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2020-25694
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-25695
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-25696
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Update packages.
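To confirm that a host is at or past the fixed release for its branch, the version thresholds quoted in the CVE descriptions above can be checked as follows. This is an added example, not part of the original advisory; the function names are hypothetical, and the input is assumed to be a server version such as `10.14`, `9.6.19`, or an RPM version-release string such as `10.15-1.el7`. The minor number is compared numerically, because a plain string comparison would rank 11.9 above 11.10.

```shell
#!/bin/sh
# Fixed release per branch, as listed in the advisory text.
fixed_release() {
    case "$1" in
        13)  echo 13.1 ;;
        12)  echo 12.5 ;;
        11)  echo 11.10 ;;
        10)  echo 10.15 ;;
        9.6) echo 9.6.20 ;;
        9.5) echo 9.5.24 ;;
        *)   return 1 ;;   # branch not named in the advisory
    esac
}

# From PostgreSQL 10 on, the branch is the first component (10.x);
# for 9.x it is the first two components (9.6.x).
pg_branch() {
    major=${1%%.*}
    if [ "$major" -ge 10 ]; then
        echo "$major"
    else
        echo "$1" | cut -d. -f1,2
    fi
}

# Prints "patched", "affected" or "unknown" for one version string.
pg_advisory_status() {
    ver=${1%%-*}                       # drop an RPM release suffix (-1.el7)
    case "$ver" in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    branch=$(pg_branch "$ver")
    fixed=$(fixed_release "$branch") || { echo unknown; return 0; }
    minor=${ver#"$branch".}            # what remains after "<branch>."
    case "$minor" in
        "$ver"|*.*) echo unknown; return 0 ;;   # no minor, or extra parts
    esac
    if [ "$minor" -ge "${fixed##*.}" ]; then
        echo patched
    else
        echo affected
    fi
}

# Constructed sample inputs, not taken from any real host.
for v in 10.15-1.el7 10.14 9.6.19 11.9 11.10 14.2; do
    printf '%-12s %s\n' "$v" "$(pg_advisory_status "$v")"
done
```

Branches the advisory does not name are reported as `unknown` rather than guessed.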
SRPMS
- rh-postgresql10-postgresql-10.15-1.el7.src.rpm
MD5: 7cde06825b4e48ce4b003edbcafbbe25
SHA-256: b88d449240dabb6db6dca47cda9ded3ac48573185a160ba48628548d2224cded
Size: 25.43 MB
Asianux Server 7 for x86_64
- rh-postgresql10-postgresql-10.15-1.el7.x86_64.rpm
MD5: 2a1b84649512f0cebf17d1c8baaf04df
SHA-256: 092bec77d22ac88767aa4c1d5875412deb2fc2ca1ce4b62f3c845f207b787a62
Size: 1.46 MB
- rh-postgresql10-postgresql-contrib-10.15-1.el7.x86_64.rpm
MD5: c8be944aed32ed24628cd7b0f4d65eea
SHA-256: b2a5666ada3553922252ca0c76fe821bc9bf7a28f5f1e2aaa64f94ecf63e4f74
Size: 774.25 kB
- rh-postgresql10-postgresql-contrib-syspaths-10.15-1.el7.x86_64.rpm
MD5: d98088ba4fbd9a35df3201150db8b9e6
SHA-256: d7620bedb3da20ffbd88cfc8589f03edf9f52f4f95d2f14a486ff1b717e5a937
Size: 40.96 kB
- rh-postgresql10-postgresql-devel-10.15-1.el7.x86_64.rpm
MD5: 7b20a0b0c0078e6f46106ca5ca41d306
SHA-256: 8a46266e985b8d3ec6248d53a8f309cfafbb684b191986818d5b6432b48a21c9
Size: 1.29 MB
- rh-postgresql10-postgresql-docs-10.15-1.el7.x86_64.rpm
MD5: 6d245db98654dd913a38da7264f665db
SHA-256: 9500fec9183332c9db2755edbfc5b2547e3537cc002783af57a1265e30287f51
Size: 9.01 MB
- rh-postgresql10-postgresql-libs-10.15-1.el7.x86_64.rpm
MD5: deb70e8e6a92e9fce6b4a2e598828590
SHA-256: e94011d95919c4d2c5aa1707802c01ed2069359697b113b6d97e001a073e3aea
Size: 290.47 kB
- rh-postgresql10-postgresql-plperl-10.15-1.el7.x86_64.rpm
MD5: c937514bac0ee0a3ba52180253e03522
SHA-256: 5ba56e5990a7cfb3d0f5c2315ea2f76a7430dffb636c15a955af717d16aae204
Size: 90.02 kB
- rh-postgresql10-postgresql-plpython-10.15-1.el7.x86_64.rpm
MD5: 3d51b62e67b7262333ea2b43d8979681
SHA-256: fbb02acb1ce1f0e6d9236a60e37553b0bf4c89d4249ac374c3ab0a3b87a4ea46
Size: 112.46 kB
- rh-postgresql10-postgresql-pltcl-10.15-1.el7.x86_64.rpm
MD5: 459149bcde6d36599c78aa2038b5010e
SHA-256: c11b70361e8b6a5cd4444552aa300248ebb59503adc735a5b258fc4992588b77
Size: 68.67 kB
- rh-postgresql10-postgresql-server-10.15-1.el7.x86_64.rpm
MD5: 7a15d6cb7950e85d1d9d62cbbeaaa229
SHA-256: 8e8180b441e6b7d1224c3c1e7778e50d4399be900180f7332b6c18dac4e0eacb
Size: 4.86 MB
- rh-postgresql10-postgresql-server-syspaths-10.15-1.el7.x86_64.rpm
MD5: 0b2ac26338512c5adb4cc0003d41742e
SHA-256: c84a6bc1cb6d70f4d0ffaf14cf20cbf0c67a3194585cc39277a8a84758f3a4da
Size: 42.46 kB
- rh-postgresql10-postgresql-static-10.15-1.el7.x86_64.rpm
MD5: a5cd23937f0fc36f5950e8ec0c8bb0d0
SHA-256: 092633de3c3c3f26c840cfee97a59a4e59873928b8718eff695855ec69b7fe1b
Size: 104.02 kB
- rh-postgresql10-postgresql-syspaths-10.15-1.el7.x86_64.rpm
MD5: a1eb6b4b4e12f181cbfe0f7250ac752b
SHA-256: 2bd33988de8a533ffa78aea6c16fcc9213017e0430761b1c190b10645d6fce14
Size: 42.28 kB
- rh-postgresql10-postgresql-test-10.15-1.el7.x86_64.rpm
MD5: 5adde2743b56e7a126100833e18612c5
SHA-256: c06ac6afcaede0c3b9c19ab6587f378389395cc35edb554f3f11d109b9c5f3c1
Size: 1.66 MB