rh-postgresql10-postgresql-10.5-1.el7

Errata ID: AXSA:2018-3312:01

Release date: 
Wednesday, September 5, 2018 - 09:53
Subject: 
rh-postgresql10-postgresql-10.5-1.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: rh-postgresql10-postgresql (10.5). (BZ#1612673, BZ#1614337)

Security Fix(es):

* postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915)

* postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements (CVE-2018-10925)

* postgresql: Too-permissive access control list on function pg_logfile_rotate() (CVE-2018-1115)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Asianux would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Andrew Krasichkov as the original reporter of CVE-2018-10915; and Stephen Frost as the original reporter of CVE-2018-1115.

CVE-2018-1115
PostgreSQL before versions 10.4 and 9.6.9 is vulnerable in the adminpack extension: the pg_catalog.pg_logfile_rotate() function does not follow the same ACLs as pg_rotate_logfile(). If adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.
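A post-update check for this issue, added here as an example; it is not part of this advisory or of PostgreSQL itself. Upstream's fix ships adminpack 1.1, in which pg_logfile_rotate() wraps pg_rotate_logfile() and has EXECUTE revoked from PUBLIC; that only takes effect in a given database after ALTER EXTENSION adminpack UPDATE is run there, so the installed package version alone does not tell you a database is clean. The check parses the text form of pg_proc.proacl (as returned by SELECT proacl::text FROM pg_proc WHERE proname = 'pg_logfile_rotate') and reports whether PUBLIC can still execute the function. The ACL strings and rows below are constructed samples; the catalog and function names are the real ones.

```python
"""Report whether PUBLIC can EXECUTE a function from pg_proc.proacl text.

Added example, not part of this advisory or of PostgreSQL. Feed it the
text form of the ACL column, e.g. the output of
    SELECT proacl::text FROM pg_proc WHERE proname = 'pg_logfile_rotate';
A NULL proacl (psql shows an empty cell) means the built-in default, which
for functions grants EXECUTE to PUBLIC, so NULL must be treated as open.
"""
import re

# One aclitem: grantee=privileges/grantor. An empty grantee is PUBLIC.
# A '*' after a privilege letter means it was granted WITH GRANT OPTION.
ACL_ITEM = re.compile(r'^(?P<grantee>.*?)=(?P<privs>[a-zA-Z*]*)/(?P<grantor>.+)$')

EXECUTE = 'X'   # privilege letter for EXECUTE in aclitem text


def split_array_literal(text):
    """Split the text form of a PostgreSQL array ('{a,"b,c",d}') into
    elements, honouring double-quoted elements and backslash escapes."""
    text = text.strip()
    if not (text.startswith('{') and text.endswith('}')):
        raise ValueError('not an array literal: %r' % text)
    body = text[1:-1]
    elements, current, quoted, i = [], [], False, 0
    while i < len(body):
        c = body[i]
        if c == '\\' and i + 1 < len(body):       # escaped char inside quotes
            current.append(body[i + 1])
            i += 2
            continue
        if c == '"':
            quoted = not quoted
        elif c == ',' and not quoted:
            elements.append(''.join(current))
            current = []
        else:
            current.append(c)
        i += 1
    if current or elements:
        elements.append(''.join(current))
    return elements


def parse_aclitems(acl_text):
    """Parse '{=X/postgres,postgres=X/postgres}' into a list of
    (grantee, set_of_privilege_letters). Returns None for a NULL ACL."""
    if acl_text is None:
        return None
    items = []
    for element in split_array_literal(acl_text):
        m = ACL_ITEM.match(element)
        if m is None:
            raise ValueError('malformed aclitem: %r' % element)
        grantee = m.group('grantee') or 'PUBLIC'
        privs = set(m.group('privs').replace('*', ''))
        items.append((grantee, privs))
    return items


def public_can_execute(acl_text):
    """True when PUBLIC holds EXECUTE, either explicitly or via the NULL
    (default) ACL a function has when nothing was ever granted or revoked."""
    items = parse_aclitems(acl_text)
    if items is None:
        return True
    return any(grantee == 'PUBLIC' and EXECUTE in privs for grantee, privs in items)


def audit(rows):
    """rows: iterable of (schema, function_name, proacl_text_or_None).
    Returns the qualified names that PUBLIC may still execute."""
    return ['%s.%s' % (schema, name) for schema, name, acl in rows
            if public_can_execute(acl)]


# Constructed sample rows, shaped like a query over pg_proc joined to
# pg_namespace. The first two are what the old adminpack 1.0 looks like;
# the last is the state after ALTER EXTENSION adminpack UPDATE to 1.1.
SAMPLE_ROWS = [
    ('pg_catalog', 'pg_logfile_rotate', None),                                 # default ACL: open
    ('pg_catalog', 'pg_logfile_rotate', '{=X/postgres,postgres=X/postgres}'),  # explicit PUBLIC grant
    ('pg_catalog', 'pg_logfile_rotate', '{postgres=X/postgres}'),              # fixed: PUBLIC revoked
]

if __name__ == '__main__':
    for qualified_name in audit(SAMPLE_ROWS):
        print('PUBLIC can execute', qualified_name)
```

Run it against real rows from each database that has adminpack installed; the NULL case matters most, because psql prints it as an empty cell and it is the open default, not a revoked one.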
CVE-2018-10915
A vulnerability was found in libpq, the default PostgreSQL client library, in which libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.
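The advisory says the PQescape() functions "malfunction" without showing why that becomes SQL injection. The example below, added here and neither libpq code nor part of this advisory, models the two halves that have to agree: the quote and backslash doubling that libpq's PQescapeStringConn() performs (single quotes are always doubled; backslashes are doubled only while the client believes standard_conforming_strings is off), and the server lexer's rule for where a regular '...' literal ends under each setting. The scenario modeled, a client whose connection state still says "on" after talking to an attacker-controlled first host while the server it finally reached runs with it "off", is an illustrative assumption; the query prefix and the payload are constructed.

```python
"""Why a stale standard_conforming_strings setting makes PQescape* unsafe.

Added example, not libpq code and not from this advisory. It models the
quote/backslash doubling of libpq's PQescapeStringConn() and the server's
lexing of a regular string literal under standard_conforming_strings on/off,
then runs one payload through every client/server combination.
"""


def escape_string(value, client_std_strings):
    """Model of PQescapeStringConn(): double quotes; double backslashes
    only when the client thinks standard_conforming_strings is off."""
    out = []
    for c in value:
        if c == "'" or (c == '\\' and not client_std_strings):
            out.append(c)
        out.append(c)
    return ''.join(out)


def parse_literal(sql, start, server_std_strings):
    """Model of the server lexing a regular string literal that opens at
    sql[start]. Returns (decoded_value, index_just_after_closing_quote).
    With standard_conforming_strings off, a backslash escapes the next
    character (only identity escapes matter for this demonstration)."""
    if sql[start] != "'":
        raise ValueError('literal must start with a quote')
    i, out = start + 1, []
    while i < len(sql):
        c = sql[i]
        if c == "'":
            if i + 1 < len(sql) and sql[i + 1] == "'":   # '' is an escaped quote
                out.append("'")
                i += 2
                continue
            return ''.join(out), i + 1                   # closing quote
        if c == '\\' and not server_std_strings and i + 1 < len(sql):
            out.append(sql[i + 1])                       # \x -> x
            i += 2
            continue
        out.append(c)
        i += 1
    raise ValueError('unterminated string literal')


QUERY_PREFIX = "SELECT balance FROM accounts WHERE owner = '"   # constructed


def run_query(user_input, client_std_strings, server_std_strings):
    """Build the query the way a client escaping with PQescapeStringConn()
    would, then lex it the way the server would. Returns
    (value_the_server_sees, sql_left_over_after_the_literal). Anything
    left over came from the user input breaking out of the literal."""
    sql = QUERY_PREFIX + escape_string(user_input, client_std_strings) + "'"
    value, end = parse_literal(sql, len(QUERY_PREFIX) - 1, server_std_strings)
    return value, sql[end:]


def injected(user_input, client_std_strings, server_std_strings):
    """True when the literal closed before the end of the statement."""
    _, leftover = run_query(user_input, client_std_strings, server_std_strings)
    return leftover != ''


PAYLOAD = "\\' OR 1=1; --"   # constructed attacker input: backslash, quote, SQL


def mismatch_matrix(user_input=PAYLOAD):
    """Try all four client/server combinations of the setting. Keys are
    (client_believes_on, server_actually_on)."""
    return {(client, server): injected(user_input, client, server)
            for client in (True, False) for server in (True, False)}


if __name__ == '__main__':
    for (client, server), broke_out in sorted(mismatch_matrix().items()):
        print('client thinks on=%-5s server on=%-5s injected=%s'
              % (client, server, broke_out))
```

Only the combination where the client believes the setting is on while the server has it off lets the payload close the literal early; the reverse mismatch merely mangles the stored value. Beyond applying the update, two habits remove this class of problem: never build "host" or "hostaddr" from untrusted input, and pass values as bind parameters (PQexecParams or prepared statements) so that no client-side escaping state is involved at all.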
CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes of server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. rh-postgresql10-postgresql-10.5-1.el7.src.rpm
    MD5: 23c747ad8882c9cac4e818047d3ac61d
    SHA-256: 0acfe0a65026c9108191741a2d6d680120042782abc91158357a93d50351f25a
    Size: 28.99 MB

Asianux Server 7 for x86_64
  1. rh-postgresql10-postgresql-10.5-1.el7.x86_64.rpm
    MD5: dcd766d2387701e23c9cd4d7dd536e97
    SHA-256: 5850aaa1c4ff9b24e8d4a6c3b68e572bf29a1d61f1512b06df5e1bfded2eb8cd
    Size: 1.44 MB
  2. rh-postgresql10-postgresql-contrib-10.5-1.el7.x86_64.rpm
    MD5: 15c1f45e1405f300202ec1f8258b3fc4
    SHA-256: 6a97022c47f13869f18c033a4896283c07b7b9aba26d7604e41f33135a8b7bb2
    Size: 771.91 kB
  3. rh-postgresql10-postgresql-contrib-syspaths-10.5-1.el7.x86_64.rpm
    MD5: 62dc5e968434f33bc2e6ee2868e69988
    SHA-256: 663e2094c672a3aa960ed2df962c5d75c81bb307eb8c1725d1879f28097ab97e
    Size: 40.32 kB
  4. rh-postgresql10-postgresql-devel-10.5-1.el7.x86_64.rpm
    MD5: 60025f1850ca9724c1cbbebb1b0b0852
    SHA-256: ffde60171f68f273e8cd02efaf5c78efe3817522d73aa772dbf5a38fc4fe5ee1
    Size: 1.28 MB
  5. rh-postgresql10-postgresql-docs-10.5-1.el7.x86_64.rpm
    MD5: 472e5a0ab9ff782d5842bacbc7e9e086
    SHA-256: 2f9a779ec7e1f41ae4dc6daad5b59a14476266dfd96c4c7b00f133497005cb15
    Size: 11.77 MB
  6. rh-postgresql10-postgresql-libs-10.5-1.el7.x86_64.rpm
    MD5: c14002b894209496f2e8dcdc897148f1
    SHA-256: 87ca1079588997ac1b38ebcd2a20303fdd3232c25b4c11768df18aeef866a395
    Size: 289.42 kB
  7. rh-postgresql10-postgresql-plperl-10.5-1.el7.x86_64.rpm
    MD5: ec24a9a66e392cc74c47dfbd4835a8a9
    SHA-256: f413a3119ebd6bed80a16b0a0af5ceaeafb9d008e25be784a91138073dd76022
    Size: 89.38 kB
  8. rh-postgresql10-postgresql-plpython-10.5-1.el7.x86_64.rpm
    MD5: d594842b437583b6f17fae6d0b9a348e
    SHA-256: 22305274da92850dbc42b5525f34f7cfa132002f5e5db663c7983aa4e9cec165
    Size: 112.16 kB
  9. rh-postgresql10-postgresql-pltcl-10.5-1.el7.x86_64.rpm
    MD5: 1c592caad9dded1cc888d881b7e46268
    SHA-256: e23ef787beee61ee4557c804efc4efaa713dda701c675015deeae09cd37c6364
    Size: 68.05 kB
  10. rh-postgresql10-postgresql-server-10.5-1.el7.x86_64.rpm
    MD5: b2b270f1820aad4ec58fb3d247af4a2d
    SHA-256: b9d92ac4e2c3d9efe3d8cb0f06c0f7f9aa8ce9c1674f3ceb6db599f77e555bf1
    Size: 4.87 MB
  11. rh-postgresql10-postgresql-server-syspaths-10.5-1.el7.x86_64.rpm
    MD5: 3c4eef91452ae7fae336ea98786f8a54
    SHA-256: a83d280b699de3b414d1996043475c73648307fa6e4aa6cfdbdfccf7cc427f31
    Size: 41.80 kB
  12. rh-postgresql10-postgresql-static-10.5-1.el7.x86_64.rpm
    MD5: 7aba0be6c596af60cf7432b4412f5c16
    SHA-256: c8ca7343178ff9b2176688152f6cd080a00be8eb9f3343de3d223b3e86e2d373
    Size: 103.22 kB
  13. rh-postgresql10-postgresql-syspaths-10.5-1.el7.x86_64.rpm
    MD5: f243432e845fcc9e98063f3e3d2fd072
    SHA-256: b6d0f76b8241af400db675077ad633d9240a20863456f0295112314123750d69
    Size: 41.62 kB
  14. rh-postgresql10-postgresql-test-10.5-1.el7.x86_64.rpm
    MD5: ba84848aad7b38ff09bd87a6b1faf0e1
    SHA-256: b274ac830672f8ac6f591d300bbad991bead4e13c0efecf54266dcbd9d9dedbf
    Size: 1.62 MB