libpq-12.5-1.el8
Errata ID: AXSA:2021-1461:01
The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers.
The following packages have been upgraded to a later upstream version: libpq (12.5).
Security Fix(es):
* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)
* postgresql: psql's \gset allows overwriting specially treated variables (CVE-2020-25696)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2020-25694
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
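As an added illustration of the CVE-2020-25694 failure mode (not code from PostgreSQL or from this advisory), the Python check below compares the connection string an application builds for an additional connection against the original one and reports security-relevant settings that were dropped or weakened. The parameter list, the simplified keyword/value parser (no URI form) and the sample strings are assumptions made for the example.

```python
import re

# Assumption: libpq parameters treated as security-relevant here
# (the advisory does not enumerate them).
SECURITY_PARAMS = ("sslmode", "sslrootcert", "sslcert", "sslkey", "sslcrl",
                   "gssencmode", "requirepeer", "channel_binding")
# sslmode values from weakest to strongest, as documented for libpq.
SSLMODE_RANK = {m: i for i, m in enumerate(
    ("disable", "allow", "prefer", "require", "verify-ca", "verify-full"))}

# One keyword=value pair; the value is either '...' quoted or runs to whitespace.
_PAIR = re.compile(
    r"\s*(\w+)\s*=\s*(?:'((?:\\.|[^'\\])*)'|((?:\\.|[^\s'\\])*))(?=\s|$)")

def parse_conninfo(conninfo):
    """Parse a keyword/value connection string into a dict (simplified)."""
    params, pos = {}, 0
    while conninfo[pos:].strip():
        m = _PAIR.match(conninfo, pos)
        if not m:
            raise ValueError("malformed conninfo near %r" % conninfo[pos:])
        raw = m.group(2) if m.group(2) is not None else m.group(3)
        params[m.group(1)] = re.sub(r"\\(.)", r"\1", raw)  # undo backslash escapes
        pos = m.end()
    return params

def dropped_security_params(original, reconnect):
    """List (parameter, problem) pairs that the reconnect string loses or weakens."""
    old, new = parse_conninfo(original), parse_conninfo(reconnect)
    findings = []
    for name in (p for p in SECURITY_PARAMS if p in old):
        if name not in new:
            findings.append((name, "dropped"))
        elif name == "sslmode":
            if SSLMODE_RANK.get(new[name], -1) < SSLMODE_RANK.get(old[name], -1):
                findings.append((name, "weakened"))
        elif new[name] != old[name]:
            findings.append((name, "changed"))
    return findings

# Constructed sample strings (host name and paths are placeholders).
ORIGINAL = ("host=db.example.internal dbname=app user=svc "
            "sslmode=verify-full sslrootcert='/etc/pki/app ca/root.crt'")
RECONNECT = "host=db.example.internal dbname=postgres user=svc"

if __name__ == "__main__":
    for name, problem in dropped_security_params(ORIGINAL, RECONNECT):
        print("%s: %s on reconnect" % (name, problem))
```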
CVE-2020-25696
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Update packages.
N/A
SRPMS
- libpq-12.5-1.el8.src.rpm
MD5: 2d7c8d46f137b92f7d1f31225bb1afe2
SHA-256: c5c226eb09628d6b464ccebde0efe45eee09a2708c266d2ae939d34bcbd63ac6
Size: 19.68 MB
Asianux Server 8 for x86_64
- libpq-12.5-1.el8.x86_64.rpm
MD5: 3318c3e15f0120c798ac7bfe4af96b39
SHA-256: 7e0173d7b60307941df0b9b6ea777600af8f8b8a324709d8b6bf272f11c4ffc6
Size: 193.87 kB
- libpq-devel-12.5-1.el8.x86_64.rpm
MD5: 99b454380c2643bd8af4625e95399ce0
SHA-256: 25c2c3fd1c1556cf2ae87f8002181e9fa3d330c51e310764ea13d3282b3d77e5
Size: 96.80 kB
- libpq-12.5-1.el8.i686.rpm
MD5: 226808e7b4d63a4a5842c0d41d069bfa
SHA-256: 824e25d5464a9bca303ca5aa5f76beb0ae705791748b682609ca19bfa7b0ede9
Size: 204.10 kB
- libpq-devel-12.5-1.el8.i686.rpm
MD5: 3b4ef790f36d96b66124712e6b632af5
SHA-256: 0424513d22eee18aade67899797acad448dd0a600bf9a5009a9813bf42b7d0b5
Size: 98.80 kB