postgresql-9.2.24-1.el7

Errata ID: AXSA:2018-3306:02

Release date: Monday, August 27, 2018 - 03:28
Subject: postgresql-9.2.24-1.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: High
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (9.2.24). (BZ#1612667)

Security Fix(es):

* postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Asianux would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Andrew Krasichkov as the original reporter.

CVE-2018-10915
A vulnerability was found in libpq, the default PostgreSQL client library, where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. postgresql-9.2.24-1.el7.src.rpm
    Size: 35.97 MB

Asianux Server 7 for x86_64
  1. postgresql-9.2.24-1.el7.x86_64.rpm
    Size: 3.03 MB
  2. postgresql-contrib-9.2.24-1.el7.x86_64.rpm
    Size: 551.99 kB
  3. postgresql-devel-9.2.24-1.el7.x86_64.rpm
    Size: 950.96 kB
  4. postgresql-docs-9.2.24-1.el7.x86_64.rpm
    Size: 6.87 MB
  5. postgresql-libs-9.2.24-1.el7.x86_64.rpm
    Size: 233.11 kB
  6. postgresql-plperl-9.2.24-1.el7.x86_64.rpm
    Size: 82.44 kB
  7. postgresql-plpython-9.2.24-1.el7.x86_64.rpm
    Size: 95.29 kB
  8. postgresql-pltcl-9.2.24-1.el7.x86_64.rpm
    Size: 58.63 kB
  9. postgresql-server-9.2.24-1.el7.x86_64.rpm
    Size: 3.82 MB
  10. postgresql-test-9.2.24-1.el7.x86_64.rpm
    Size: 1.76 MB
  11. postgresql-9.2.24-1.el7.i686.rpm
    Size: 3.02 MB
  12. postgresql-devel-9.2.24-1.el7.i686.rpm
    Size: 945.17 kB
  13. postgresql-libs-9.2.24-1.el7.i686.rpm
    Size: 233.31 kB