postgresql:12 security update
エラータID: AXSA:2021-1515:01
PostgreSQL is an advanced object-relational database management system (DBMS).
The following packages have been upgraded to a later upstream version:
postgresql (12.5).
Security Fix(es):
* postgresql: Reconnection can downgrade connection security settings
(CVE-2020-25694)
* postgresql: Multiple features escape "security restricted operation" sandbox
(CVE-2020-25695)
* postgresql: Uncontrolled search path element in logical replication
(CVE-2020-14349)
* postgresql: Uncontrolled search path element in CREATE EXTENSION
(CVE-2020-14350)
* postgresql: psql's \gset allows overwriting specially treated variables
(CVE-2020-25696)
* postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks
(CVE-2020-1720)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE-2020-14349
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14
did not properly sanitize the search_path during logical replication. An
authenticated attacker could use this flaw in an attack similar to
CVE-2018-1058, in order to execute arbitrary SQL command in the context of the
user used for replication.
CVE-2020-14350
It was found that some PostgreSQL extensions did not use search_path safely in
their installation script. An attacker with sufficient privileges could use this
flaw to trick an administrator into executing a specially crafted script, during
the installation or update of such extension. This affects PostgreSQL versions
before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
CVE-2020-1720
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where
sub-commands did not perform authorization checks. An authenticated attacker
could use this flaw in certain configurations to perform drop objects such as
function, triggers, et al., leading to database corruption. This issue affects
PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.
CVE-2020-25694
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10,
before 10.15, before 9.6.20 and before 9.5.24. If a client application that
creates additional database connections only reuses the basic connection
parameters while dropping security-relevant parameters, an opportunity for a
man-in-the-middle attack, or the ability to observe clear-text transmissions,
could exist. The highest threat from this vulnerability is to data
confidentiality and integrity as well as system availability.
CVE-2020-25695
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10,
before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to
create non-temporary objects in at least one schema can execute arbitrary SQL
functions under the identity of a superuser. The highest threat from this
vulnerability is to data confidentiality and integrity as well as system
availability.
CVE-2020-25696
A flaw was found in the psql interactive terminal of PostgreSQL in versions
before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before
9.5.24. If an interactive psql session uses \gset when querying a compromised
server, the attacker can execute arbitrary code as the operating system account
running psql. The highest threat from this vulnerability is to data
confidentiality and integrity as well as system availability.
Modularity name: postgresql
Stream name: 12
Update packages.
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
N/A
SRPMS
- pgaudit-1.4.0-4.module+el8+1190+d5ebf102.src.rpm
MD5: fd55e932a98e690b9c05a60ba36e34db
SHA-256: 5771db512dc0eb985ee6dd6e0a13ed829e7ed18d7b21c7561db30ad225727270
Size: 42.03 kB - postgres-decoderbufs-0.10.0-2.module+el8+1190+d5ebf102.src.rpm
MD5: 1c6cc256c01fd8d5ad488246b5f94e9d
SHA-256: d225e2cbf4b8d826610bcf10afac537a7c8e32b58c93d604ecd34e9d25ff27c1
Size: 21.15 kB - postgresql-12.5-1.module+el8+1190+d5ebf102.src.rpm
MD5: be3c00a61bf643a14c56f15ba0dc6c61
SHA-256: a3ebfd5ad389e790a45df534d9074f46923e9c6a6d866284235d43051f20dc85
Size: 45.46 MB
Asianux Server 8 for x86_64
- pgaudit-1.4.0-4.module+el8+1190+d5ebf102.x86_64.rpm
MD5: f45efc256d6cd77952c4209da6e87540
SHA-256: fed6dae58673ef36ea61c7b9587191849d915f278d5d2d0bfbe129fa0378f191
Size: 26.82 kB - pgaudit-debugsource-1.4.0-4.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 09d70c0d5ab1ace529aef077b1ae4f72
SHA-256: 8907da0c658b1e84b9922493d1ba520060e4bccf73f9203a6c7d78c2c896ade2
Size: 22.75 kB - postgres-decoderbufs-0.10.0-2.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 4b453d7ae55dac20fce55051dc63b00c
SHA-256: c775a7a3b54737b06052f5b3087b2a8aecc02aa616c881142774ae4788fb8cec
Size: 21.84 kB - postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 279ceb946718063ea301b91baef10b7c
SHA-256: 540c1cc859390ac9c5252bc5a7585656eb4be0994e2c8b1cb4b40c92f487f9c3
Size: 16.82 kB - postgresql-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: aa763a0c965e921c02d18e1794eb6964
SHA-256: 669b26efb6e541230ae398ed7a5043b879ee207e45502e4d526205d068554484
Size: 1.49 MB - postgresql-contrib-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 26ae910879351ba3661f1d03e4e38db4
SHA-256: c0d77a34e306dae07774f55fbee6d8da227904a92ffaf76fd894fe4220a83437
Size: 865.52 kB - postgresql-debugsource-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: e08fda025f97003789b9625cd338903f
SHA-256: 71daf089dce5a78bf2a57bf55b765c79ab93c71d6fb80fe9cb128c4f86b22c1a
Size: 16.68 MB - postgresql-docs-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 2e3a30836e481e9df2ed40a33b61f68d
SHA-256: e93c4a289d78c33e7d0dbb998f19730bf3a3abcff7eca6161f83f1da7c7a03cf
Size: 9.43 MB - postgresql-plperl-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: bc1270844e5086faf572972090aba14c
SHA-256: 9ae46f0c358246ef6a6be65524da751b85cf43ffe7fbf59ff572da6c11998bb2
Size: 108.10 kB - postgresql-plpython3-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 14d24a34165423a238835654e7ba7b3d
SHA-256: fc3457e751c12481d7ae63f5f8ea699a83da54cc92e08c2453ffb87a6498e3d0
Size: 127.66 kB - postgresql-pltcl-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: a9a4246af623c34d2b4fc6fa89ab0efa
SHA-256: 2ea4b5ba0ff7fa931d147c0c1c2707f0aefb3899438db4b7e098322cfb50d609
Size: 83.63 kB - postgresql-server-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 3556cf13cc098623c38d61585d585611
SHA-256: 3e435ad68df59542418247b27b59600ff251f6c199207cb773cb2506773cd4b3
Size: 5.57 MB - postgresql-server-devel-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 3ae05ab3b06e835e386c007711630318
SHA-256: f05b6fd61636b283d6fc89f890e4d0dad1a0e789233ebac0d051255af34389c0
Size: 1.15 MB - postgresql-static-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: a4c000b8807b5b137536ef5d5471e61f
SHA-256: 145ca7151fdeaae91fe5e618592c420fc3e471ab5c9634144f5d9a47b8974622
Size: 163.54 kB - postgresql-test-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 0e7b973045773a1e7b8985730dff865c
SHA-256: 75d329a5952ba44b481d137086a0cc19ebb1f795351c33e5e6ed7167116e0400
Size: 1.91 MB - postgresql-test-rpm-macros-12.5-1.module+el8+1190+d5ebf102.noarch.rpm
MD5: 6a58db4ba93332c3feb16cacb87c1977
SHA-256: b2dd1097316f123d316dbac543d89acbd631a7417f000b782aabd9cd64944263
Size: 51.57 kB - postgresql-upgrade-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 9bf4fc4e493977cf7edc3a45c2476173
SHA-256: a78ef2584c33850ea42c5a414d89133728a11badc087f8da1bd01449b8a1dd05
Size: 4.07 MB - postgresql-upgrade-devel-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 81c19068d65a61a98df6cd0473f2aad8
SHA-256: 843558ed615528fadaeb89d670bb4acfccdd9b5b2d9fcab6b0e4a64897c239af
Size: 1.06 MB