postgresql:10 security update
エラータID: AXSA:2021-1514:01
PostgreSQL is an advanced object-relational database management system (DBMS).
The following packages have been upgraded to a later upstream version:
postgresql (10.15).
Security Fix(es):
* postgresql: Reconnection can downgrade connection security settings
(CVE-2020-25694)
* postgresql: Multiple features escape "security restricted operation" sandbox
(CVE-2020-25695)
* postgresql: psql's \gset allows overwriting specially treated variables
(CVE-2020-25696)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE-2020-25694
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10,
before 10.15, before 9.6.20 and before 9.5.24. If a client application that
creates additional database connections only reuses the basic connection
parameters while dropping security-relevant parameters, an opportunity for a
man-in-the-middle attack, or the ability to observe clear-text transmissions,
could exist. The highest threat from this vulnerability is to data
confidentiality and integrity as well as system availability.
CVE-2020-25695
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10,
before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to
create non-temporary objects in at least one schema can execute arbitrary SQL
functions under the identity of a superuser. The highest threat from this
vulnerability is to data confidentiality and integrity as well as system
availability.
CVE-2020-25696
A flaw was found in the psql interactive terminal of PostgreSQL in versions
before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before
9.5.24. If an interactive psql session uses \gset when querying a compromised
server, the attacker can execute arbitrary code as the operating system account
running psql. The highest threat from this vulnerability is to data
confidentiality and integrity as well as system availability.
Modularity name: postgresql
Stream name: 10
Update packages.
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
N/A
SRPMS
- postgresql-10.15-1.module+el8+1189+94dda58b.src.rpm
MD5: 3d1a5256f3b9e9e7a0081bf268ad620f
SHA-256: 0c84c258dfae18074eed099d0b94635e1f6d39a6b38943b4e4967bf28a5cee08
Size: 40.89 MB
Asianux Server 8 for x86_64
- postgresql-10.15-1.module+el8+1189+94dda58b.x86_64.rpm
MD5: 4aca3c4baa9e67f0c57d0512064f47e8
SHA-256: ce72d5e1ed3a83765fbf711a08838c75b36315dc4dcf107f9d69b4284586755b
Size: 1.49 MB - postgresql-contrib-10.15-1.module+el8+1189+94dda58b.x86_64.rpm
MD5: 1370879ae5c82a950a4e95bd425f5555
SHA-256: 08b0ab02dd0fa24887a933192d99abe6f689958c73ec020899c90d6fc969c12c
Size: 803.68 kB - postgresql-debugsource-10.15-1.module+el8+1189+94dda58b.x86_64.rpm
MD5: ebd6642120f27c4966c19ec2f4f84ba1
SHA-256: bf375a5247bf096f86bddc0218ca27f74bc1a08c8589139562568f755a2527c1
Size: 14.52 MB - postgresql-docs-10.15-1.module+el8+1189+94dda58b.x86_64.rpm
MD5: 859c109a3e93c84f9cac443aa4782a36
SHA-256: ca4c11d5d73b0aeac2a487ac3204014e255a6173932152392b147359aef10c22
Size: 9.01 MB - postgresql-plperl-10.15-1.module+el8+1189+94dda58b.x86_64.rpm
MD5: d31cc87ac9167dc1b6532b6b8a03e2c3
SHA-256: f7c3c3b02f939285ba6388a2e0ed92c38e867ca5014034de1bfd179c7f8ecd49
Size: 100.35 kB - postgresql-plpython3-10.15-1.module+el8+1189+94dda58b.x86_64.rpm
MD5: 6c7b2a9a422ea3244b958adbf9a9ceb9
SHA-256: b001470f0cc36892b1ecb17e27605cd7c4daa13727a987556727a29fb2a0a9e2
Size: 120.22 kB - postgresql-pltcl-10.15-1.module+el8+1189+94dda58b.x86_64.rpm
MD5: e5df85c5d1edf1c19e4a36d3c46de743
SHA-256: fc8073c43dfd60384850ce017f402454eb197bba7a5ee00e7e4224632ace2fae
Size: 76.59 kB - postgresql-server-10.15-1.module+el8+1189+94dda58b.x86_64.rpm
MD5: 1251047f43261851f4c2ec9f82b2e0b8
SHA-256: 2455852d1c9f640213476eb80f8248cd694951524ffd3159fe1f05faf37dd482
Size: 5.04 MB - postgresql-server-devel-10.15-1.module+el8+1189+94dda58b.x86_64.rpm
MD5: a1b2b1ae25f98f0b789249b3de91d172
SHA-256: 95ab6c26055488f5d102cd67e172a4f3ac9ce10019d7e09b872bf6538f5e3a0e
Size: 1.09 MB - postgresql-static-10.15-1.module+el8+1189+94dda58b.x86_64.rpm
MD5: 613555c2b6f9bf0166321859adb206b6
SHA-256: 402f7f5f992c5e4c01cb7366609ae1433ec906c8ca6f3d792e96fd710e02c77f
Size: 123.87 kB - postgresql-test-10.15-1.module+el8+1189+94dda58b.x86_64.rpm
MD5: d25b792668ef25a14a723c4e5d05dccb
SHA-256: 011c2ef1a60cee2de0a424157d36aa50ca19237bd82b4960b848452a763b8dc4
Size: 1.66 MB - postgresql-test-rpm-macros-10.15-1.module+el8+1189+94dda58b.x86_64.rpm
MD5: 53c99b78998228c3c02d3cb303559a96
SHA-256: 7caa9c83b63480f7a0113284c88d245c50bfc02bea4f21006c7120f65e177574
Size: 47.78 kB - postgresql-upgrade-10.15-1.module+el8+1189+94dda58b.x86_64.rpm
MD5: 489326878f6a93214a49c29668f69ca7
SHA-256: 8667c9353c4b757d32ced1158c4283fea15f88531ba79d3fb719c1d44aff7f8e
Size: 3.36 MB - postgresql-upgrade-devel-10.15-1.module+el8+1189+94dda58b.x86_64.rpm
MD5: 5a3b68f7aa51dca6c02302b82611b31c
SHA-256: 729aed4f430c4aeaef4ee1565a9f56a0241b1a96e19d1883964b890f7252fc67
Size: 759.17 kB