postgresql:9.6 security update
エラータID: AXSA:2021-1513:01
以下項目について対処しました。
[Security Fix]
- PostgreSQLには、実行計画作成時に特定カラムの統計情報を調査する前に、
行セキュリティーポリシーの評価をしないため、攻撃者が(SELECTの実行権限を
持ち、かつ行レベルのセキュリティーが攻撃者から見える行のセットを切り詰める
特定カラムの最頻値を読み取れてしまう脆弱性があります。(CVE-2019-10130)
- PostgreSQLには、適切なSECURITY DEFINER関数が与えられると任意の SQL
文を実行できる問題があるため、実行権限を持つ攻撃者が関数のオーナーとして
任意の SQL を実行できる脆弱性があります。(CVE-2019-10208)
- PostgreSQLには、拡張機能がインストールスクリプトの中で search_path を
安全に使わないため、十分な権限を持つ攻撃者が管理者を欺いて特別に細工された
スクリプトをインストール時やアップデート時に実行させることが可能な脆弱性が
あります。(CVE-2020-14350)
- PostgreSQLには、"ALTER ... DEPENDS ON EXTENSION" において
サブコマンドが権限のチェックを行わないため、認証された攻撃者が特定の設定の
中でオブジェクトをドロップし、データベース破壊へ導くことができる脆弱性が
あります。(CVE-2020-1720)
- PostgreSQLには、追加的なデータベースコネクションを作成するクライアント
アプリケーションがセキュリティ関連のパラメーター無しに基本的な接続パラメーター
のみを再使用する場合、中間者攻撃や平文通信の観察の機会を攻撃者に与えてしまう
脆弱性があります。 (CVE-2020-25694)
- PostgreSQLには、少なくとも1つのスキーマ内にテンポラリーではない
オブジェクトを作る権限を持つ攻撃者が、任意のSQL関数をスーパーユーザー
として実行できてしまう脆弱性があります。(CVE-2020-25695)
- PostgreSQLには、インタラクティブな端末セッションが \gset を使う時、
攻撃者が任意のコードを psql を動かしているOSアカウントで動かしてしまう
脆弱性があります。(CVE-2020-25696)
パッケージをアップデートしてください。
A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
N/A
SRPMS
- postgresql-9.6.20-1.module+el8+1188+d582690e.src.rpm
MD5: 5899d34e166c1afee19e6902e963006e
SHA-256: 05ed8a16bc84f0ab662c6637e4da6a6dc4f86a8345ee4b9df5dbeff0f98ec577
Size: 24.40 MB
Asianux Server 8 for x86_64
- postgresql-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: b756b5584c7eed80e7226d910e779cb3
SHA-256: e89424462f58112c6599c5f9deff170ff0cadcbcb9bb8d6d9378e7c877945315
Size: 1.39 MB - postgresql-contrib-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: 67eb3df12c90a34416a1e30e80dfbf2e
SHA-256: b8ce9e9bb642fb2c2a71bbc55124f65b88c8a02be2d55fd183425f0a67d5a101
Size: 751.84 kB - postgresql-debugsource-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: a6ef0abf672cb925b90aafd8c1cf26ef
SHA-256: 7322b94d9f679bc288766e337f5f1e738f1be8e635f32a945c72bba3869d8411
Size: 8.04 MB - postgresql-docs-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: f56466d2147fc59b281a6e7546bbd586
SHA-256: a06e8df30657943e735f56008e8c5ab903e30918386dc6191dbb746cda168ad4
Size: 8.32 MB - postgresql-plperl-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: 60e5eb06f2932f64afa32c6a7fe10e94
SHA-256: 865fc18eb6a822bfe0b5867be1b17990d3719482d307bed7f9c2b580b8d02e68
Size: 100.14 kB - postgresql-plpython3-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: 50e573b6476ecbdd8440954e5fa9244e
SHA-256: 1de5caad2deffd4267cfee9f9d03bfc0bbae8a3c9fed0b90498ee77a0bf4be75
Size: 115.64 kB - postgresql-pltcl-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: 6628b9c1371be74174b933f34bb84ddc
SHA-256: 6dfdec47c82bce422bc1fbcbb0ccb35eda208e9d5956baf3e807c39488b7c0fa
Size: 79.38 kB - postgresql-server-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: 90c9d8d809d1e872e822ef1b52cf754d
SHA-256: 8619d8da838e7ee7335f247b6277a447ef8fb2346b1f29f4f5831debcd567254
Size: 4.96 MB - postgresql-server-devel-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: 3607d73a59429a896be6c439bfd0c0d6
SHA-256: 5d970dfacee3edad0ab4d1e2edadb819b669e7c66645ebba835610a4ca89c450
Size: 1.00 MB - postgresql-static-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: 34237c7b993bfbcd12c03495c120201d
SHA-256: 228adb295247b2f496afe6d67f8a2c14b896e4ca7b3c792d1925640f300abe3d
Size: 90.07 kB - postgresql-test-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: ede56e02114cfd13a8f93b094f35987e
SHA-256: 7b6e007eae54cdeadaf2cedd5556b5ab02379928c5b9b53e7fb6d96c0b6fcd55
Size: 1.55 MB - postgresql-test-rpm-macros-9.6.20-1.module+el8+1188+d582690e.x86_64.rpm
MD5: 6c8d370942bd953626f40e11e257ae4d
SHA-256: 6b38c923643daf00caa70658d6a57a6f81f319517828617cd2162d4646fdf159
Size: 47.14 kB