postgresql:9.6 security update
エラータID: AXSA:2021-1513:01
Release date:
Saturday, February 20, 2021 - 04:47
Subject:
postgresql:9.6 security update
Affected Channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
PostgreSQL is an advanced object-relational database management system (DBMS).
The following packages have been upgraded to a later upstream version:
postgresql (9.6.20).
Security Fix(es):
postgresql: Reconnection can downgrade connection security settings
(CVE-2020-25694)
postgresql: Multiple features escape "security restricted operation" sandbox
(CVE-2020-25695)
postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER
execution (CVE-2019-10208)
postgresql: Uncontrolled search path element in CREATE EXTENSION
(CVE-2020-14350)
postgresql: psql's \gset allows overwriting specially treated variables
(CVE-2020-25696)
postgresql: Selectivity estimators bypass row security policies
(CVE-2019-10130)
postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks
(CVE-2020-1720)
CVE(s):
CVE-2019-10130
CVE-2019-10208
CVE-2020-1720
CVE-2020-14350
CVE-2020-25694
CVE-2020-25695
CVE-2020-25696
Modularity name: postgresql
Stream name: 9.6
Solution:
Update packages.
CVEs:
CVE-2019-10130
A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.
A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.
CVE-2019-10208
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
CVE-2020-14350
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
CVE-2020-1720
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.
CVE-2020-25694
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-25695
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-25696
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Additional Info:
N/A
Download:
SRPMS
- postgresql-9.6.20-1.module+el8+1188+d582690e.src.rpm
MD5: 5899d34e166c1afee19e6902e963006e
SHA-256: 05ed8a16bc84f0ab662c6637e4da6a6dc4f86a8345ee4b9df5dbeff0f98ec577
Size: 24.40 MB
Asianux Server 8 for x86_64
- postgresql-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: b756b5584c7eed80e7226d910e779cb3
SHA-256: e89424462f58112c6599c5f9deff170ff0cadcbcb9bb8d6d9378e7c877945315
Size: 1.39 MB - postgresql-contrib-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: 67eb3df12c90a34416a1e30e80dfbf2e
SHA-256: b8ce9e9bb642fb2c2a71bbc55124f65b88c8a02be2d55fd183425f0a67d5a101
Size: 751.84 kB - postgresql-debugsource-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: a6ef0abf672cb925b90aafd8c1cf26ef
SHA-256: 7322b94d9f679bc288766e337f5f1e738f1be8e635f32a945c72bba3869d8411
Size: 8.04 MB - postgresql-docs-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: f56466d2147fc59b281a6e7546bbd586
SHA-256: a06e8df30657943e735f56008e8c5ab903e30918386dc6191dbb746cda168ad4
Size: 8.32 MB - postgresql-plperl-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: 60e5eb06f2932f64afa32c6a7fe10e94
SHA-256: 865fc18eb6a822bfe0b5867be1b17990d3719482d307bed7f9c2b580b8d02e68
Size: 100.14 kB - postgresql-plpython3-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: 50e573b6476ecbdd8440954e5fa9244e
SHA-256: 1de5caad2deffd4267cfee9f9d03bfc0bbae8a3c9fed0b90498ee77a0bf4be75
Size: 115.64 kB - postgresql-pltcl-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: 6628b9c1371be74174b933f34bb84ddc
SHA-256: 6dfdec47c82bce422bc1fbcbb0ccb35eda208e9d5956baf3e807c39488b7c0fa
Size: 79.38 kB - postgresql-server-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: 90c9d8d809d1e872e822ef1b52cf754d
SHA-256: 8619d8da838e7ee7335f247b6277a447ef8fb2346b1f29f4f5831debcd567254
Size: 4.96 MB - postgresql-server-devel-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: 3607d73a59429a896be6c439bfd0c0d6
SHA-256: 5d970dfacee3edad0ab4d1e2edadb819b669e7c66645ebba835610a4ca89c450
Size: 1.00 MB - postgresql-static-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: 34237c7b993bfbcd12c03495c120201d
SHA-256: 228adb295247b2f496afe6d67f8a2c14b896e4ca7b3c792d1925640f300abe3d
Size: 90.07 kB - postgresql-test-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: ede56e02114cfd13a8f93b094f35987e
SHA-256: 7b6e007eae54cdeadaf2cedd5556b5ab02379928c5b9b53e7fb6d96c0b6fcd55
Size: 1.55 MB - postgresql-test-rpm-macros-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: 6c8d370942bd953626f40e11e257ae4d
SHA-256: 6b38c923643daf00caa70658d6a57a6f81f319517828617cd2162d4646fdf159
Size: 47.14 kB
日本語