postgresql:9.6 security update

エラータID: AXSA:2021-2310:01

Release date: 
Tuesday, August 10, 2021 - 09:14
Subject: 
postgresql:9.6 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (9.6.22)

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array subscripting calculations (CVE-2021-32027)
* postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE (CVE-2021-32028)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-32027
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-32028
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Modularity name: postgresql
Stream name: 9.6

Solution: 

Update packages.

CVEs: 
CVE-2021-32027
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-32028
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. postgresql-9.6.22-1.module+el8+1272+81c875af.src.rpm
    MD5: accdadbc2633e8743bdcbcc15c510da8
    SHA-256: d4897127d209862e0585817d4a09156cca88174b96562470a6f5d9efdbaac131
    Size: 24.48 MB

Asianux Server 8 for x86_64
  1. postgresql-9.6.22-1.module+el8+1272+81c875af.x86_64.rpm
    MD5: 428e6c5f62dad864d316c15fbca4b366
    SHA-256: 5c710fba2338c4bc5b2809c6db1a310f72ed13afe1a9102ff54a65156e6f0c0e
    Size: 1.39 MB
  2. postgresql-contrib-9.6.22-1.module+el8+1272+81c875af.x86_64.rpm
    MD5: 4efcf89538499f8c573d9f0bb5e54a76
    SHA-256: 8b094e549a4d98498387afa4e9d5a1824822fc2481a78c9ab1f390800965224d
    Size: 751.97 kB
  3. postgresql-debugsource-9.6.22-1.module+el8+1272+81c875af.x86_64.rpm
    MD5: 56acc97c09bc93f4a3f265395b5dd438
    SHA-256: e076450b4694d0ed746597a00d17b1d926f222d4ce59b50ead016205dd74505b
    Size: 8.05 MB
  4. postgresql-docs-9.6.22-1.module+el8+1272+81c875af.x86_64.rpm
    MD5: 6a75e13782d28b4cf5464396ca613f49
    SHA-256: 4ce70db76ded850fc1f9ca900755441a37d1de736bf3d5a7c1643a21df67569a
    Size: 8.35 MB
  5. postgresql-plperl-9.6.22-1.module+el8+1272+81c875af.x86_64.rpm
    MD5: d3b1284f34e5d2e7e80ef973a5f75a51
    SHA-256: 875a1c0d4350c3ec5a8c40584da39fa30e3fbf449f85794b133738a1c2c4954f
    Size: 100.40 kB
  6. postgresql-plpython3-9.6.22-1.module+el8+1272+81c875af.x86_64.rpm
    MD5: 776824f68093e3c8f489963d71890974
    SHA-256: ccd1f9bc10f5e9fb6ca3680b1f729e1d9f89cf828cd4704cc18c59aa752be298
    Size: 115.87 kB
  7. postgresql-pltcl-9.6.22-1.module+el8+1272+81c875af.x86_64.rpm
    MD5: 0f2e0873fc8cb0e5ce96ee4d6ceef3a7
    SHA-256: 540a767466683f90f1e57c4adfaaede8f024d4baa62c4e62ec917fc5a390758e
    Size: 79.34 kB
  8. postgresql-server-9.6.22-1.module+el8+1272+81c875af.x86_64.rpm
    MD5: a7d7aebce7db966fc7d4bfdd7e9262d0
    SHA-256: 006afb31adaac7ee8b3c56d1c81535ae5efc2f8f9d3de271b1e522308ad3e0da
    Size: 4.97 MB
  9. postgresql-server-devel-9.6.22-1.module+el8+1272+81c875af.x86_64.rpm
    MD5: a8bef1f865df43aa6688c3f1068993ab
    SHA-256: 487be2ff049b919b88f17286a7cb5440c10b9c1a8a9985665d3ef3570b3c4eac
    Size: 1.00 MB
  10. postgresql-static-9.6.22-1.module+el8+1272+81c875af.x86_64.rpm
    MD5: 26389fb2afc670c85ce72dacf7e765ff
    SHA-256: 297d3f53909889731da183e050cfbfc69a59557ac181290640aaf01c876471f2
    Size: 91.12 kB
  11. postgresql-test-9.6.22-1.module+el8+1272+81c875af.x86_64.rpm
    MD5: f39c1e63df4677fdf2ca1cbe01f57b27
    SHA-256: f14ef9bf01895d2114f69e22559e97a45c2418d618e949c9eadf7d6a70fb8f19
    Size: 1.56 MB
  12. postgresql-test-rpm-macros-9.6.22-1.module+el8+1272+81c875af.x86_64.rpm
    MD5: e6b00e82647c46762fc6a2201bcce90e
    SHA-256: 78146d678f73e447398d6f39bd94e227ad9e999fe7bbf9e1ccdeac70d90931a3
    Size: 47.26 kB