libpq-13.11-1.el8.ML.1

エラータID: AXSA:2023-7198:02

Release date: 
Saturday, December 23, 2023 - 00:26
Subject: 
libpq-13.11-1.el8.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Low
Description: 

The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers.

Security Fix(es):

* postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.9 Release Notes linked from the References section.

CVE-2022-41862
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.

Solution: 

Update packages.

CVEs: 
CVE-2022-41862
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
Additional Info: 

N/A

Download: 

SRPMS
  1. libpq-13.11-1.el8.ML.1.src.rpm
    MD5: 707baeb4878d58ead4d869d6ef89ddc6
    SHA-256: 0c1eece90526bd6228060089b63325e14fc2c0aea4d1111709da771a86c67d3b
    Size: 20.45 MB

Asianux Server 8 for x86_64
  1. libpq-13.11-1.el8.ML.1.i686.rpm
    MD5: 177a80d61f22081d34e7bcd211dcda54
    SHA-256: 06423b51863d5cc74f0599afe4efafaba978b76147a23ff9a48ad4530c921d06
    Size: 208.25 kB
  2. libpq-13.11-1.el8.ML.1.x86_64.rpm
    MD5: 8e8cb2a223891010f30c6dcf6b01e9a6
    SHA-256: 122086b79f131a6d9c6f6c1bd9554ab7ac42c1b60422d2a7602f41bb8819e92b
    Size: 198.09 kB
  3. libpq-devel-13.11-1.el8.ML.1.i686.rpm
    MD5: dfb19cae73d7e82ade3eb1c685470eb5
    SHA-256: bc0339a09f4d05004d56cf6889ed43de9ee3bd2eb63f09c685e1b5bf35af529f
    Size: 99.77 kB
  4. libpq-devel-13.11-1.el8.ML.1.x86_64.rpm
    MD5: 8584f04332cfd352d349416d6795f731
    SHA-256: 26c58847b43dfaf898531e1a175f7b19219ca21422c3dfe967cede0c36471f96
    Size: 97.95 kB