postgresql:10 security update

エラータID: AXSA:2021-2311:01

Release date: 
Tuesday, August 10, 2021 - 10:18
Subject: 
postgresql:10 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (10.17).

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array subscripting calculations (CVE-2021-32027)
* postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE (CVE-2021-32028)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-32027
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-32028
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Modularity name: postgresql
Stream name: 10

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. postgresql-10.17-1.module+el8+1273+d6182f72.src.rpm
    MD5: 49b8663bb9ad4e1fc30ba9aa473c50dd
    SHA-256: 6cf00fd262fdb5473f0358bd08ae1069e9cde3a31752da2609918cc1ffa67a2c
    Size: 40.98 MB

Asianux Server 8 for x86_64
  1. postgresql-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
    MD5: 988a27bc1ddb23d8b87ba6f465c81c01
    SHA-256: 13c3686976565b50114b2763ccee4daef6f1405cb1afd341b97a4303b1c5469a
    Size: 1.50 MB
  2. postgresql-contrib-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
    MD5: ffb89639535d240ddce217fb9ca4b885
    SHA-256: b9fb29d29c17aa19106c33224de739f609a27b803d3c6929e21f26269711c6a2
    Size: 804.57 kB
  3. postgresql-debugsource-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
    MD5: 637e9b16c65354362eb927f32efde032
    SHA-256: dad4439c9aec8ab9edeca422d0bac20323aa72c94239d31cfcbced031baaaceb
    Size: 14.53 MB
  4. postgresql-docs-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
    MD5: 063997935632f223c82543f85d9b284a
    SHA-256: 475b7837418ca808c0bb6979a86aa306fd7388e2c93b1eecc66660b3383a4c11
    Size: 9.05 MB
  5. postgresql-plperl-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
    MD5: a7eca08b72f6e560bbb19c5d63454828
    SHA-256: c45ac1cac7647a1cbc2ae0175852427ded3b4ed19ad62dab3b159baeafd6f624
    Size: 100.55 kB
  6. postgresql-plpython3-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
    MD5: 30fd85257641b2d5e90386fcbea09974
    SHA-256: b98f83edbcdbf91be9dc9547fb5434dc13a3e5de1a25c36299a215925fe17352
    Size: 120.29 kB
  7. postgresql-pltcl-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
    MD5: f6b71f69992ad0260df5aad7408355b4
    SHA-256: 61f37016dff4faff88f15ae3b770e81ed3e3cc679f8fd434f6906e8a8a039f50
    Size: 76.76 kB
  8. postgresql-server-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
    MD5: 36d062059f3d0860a5926ce97e0c8c5f
    SHA-256: 5261418ca1b4d9dd6a2118a94c8bb8701fb17ac6ea83d6373cc03d3195778b61
    Size: 5.06 MB
  9. postgresql-server-devel-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
    MD5: 948ebc70bb95d7cd973bf3f0622ea915
    SHA-256: b61b188a9f2525d7ff17101d942a8ddfc99627086ced6e625775899b95acf98e
    Size: 1.09 MB
  10. postgresql-static-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
    MD5: 0f6bfef97ed4c336a9b272092f8d3e5d
    SHA-256: d680f09128816fd4af59b48572200f8dfa8df290b2439acf400784f59d2e7e0e
    Size: 125.32 kB
  11. postgresql-test-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
    MD5: 2a42b84805537685db9642d72f4bd9d9
    SHA-256: 1bfe0292f5cee5261176cb29e78ac3e451d33c92d1f7934e94f69e4cebdcd42d
    Size: 1.67 MB
  12. postgresql-test-rpm-macros-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
    MD5: d2763a95471b830d15d132fc178a4fc8
    SHA-256: c79822298a1b7c38b12ab2c9e4a7f93b547a7adffe67c6ddfe6b72ff851b1d29
    Size: 47.91 kB
  13. postgresql-upgrade-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
    MD5: a8f55cabda958de0ac97adb7015044bc
    SHA-256: c3090abb172aff9b0bb8c1063e7ff75262b0a12ac7abe7fc0d5e68903c619fd1
    Size: 3.36 MB
  14. postgresql-upgrade-devel-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
    MD5: 2c47dc92976ebd67233fb4f2da16e12e
    SHA-256: 4ebd5eef4dce1cf787b35d2d08e334c7586c5c91bb3927cdb320ee89bdf9d5f5
    Size: 759.30 kB