postgresql:12 security update
エラータID: AXSA:2021-1515:01
リリース日:
2021/02/20 Saturday - 08:14
題名:
postgresql:12 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- PostgreSQLには、実行計画作成時に特定カラムの統計情報を調査する前に、
行セキュリティーポリシーの評価をしないため、攻撃者が(SELECTの実行権限を
持ち、かつ行レベルのセキュリティーが攻撃者から見える行のセットを切り詰める
特定カラムの最頻値を読み取れてしまう脆弱性があります。(CVE-2019-10130)
- PostgreSQLには、適切なSECURITY DEFINER関数が与えられると任意の SQL
文を実行できる問題があるため、実行権限を持つ攻撃者が関数のオーナーとして
任意の SQL を実行できる脆弱性があります。(CVE-2019-10208)
- PostgreSQL には、ロジカルレプリケーションの際に search_path を正しく
サニタイズしない問題があり、認証された攻撃者がレプリケーションで使用される
ユーザーのコンテキストで任意の SQL コマンドを実行するために、CVE-2018-1058
と似た攻撃をすることの出来る脆弱性があります。(CVE-2020-14349)
- PostgreSQLには、拡張機能がインストールスクリプトの中で search_path を
安全に使わないため、十分な権限を持つ攻撃者が管理者を欺いて特別に細工された
スクリプトをインストール時やアップデート時に実行させることが可能な脆弱性が
あります。(CVE-2020-14350)
- PostgreSQLには、"ALTER ... DEPENDS ON EXTENSION" において
サブコマンドが権限のチェックを行わないため、認証された攻撃者が特定の設定の
中でオブジェクトをドロップし、データベース破壊へ導くことができる脆弱性が
あります。(CVE-2020-1720)
- PostgreSQLには、追加的なデータベースコネクションを作成するクライアント
アプリケーションがセキュリティ関連のパラメーター無しに基本的な接続パラメーター
のみを再使用する場合、中間者攻撃や平文通信の観察の機会を攻撃者に与えてしまう
脆弱性があります。 (CVE-2020-25694)
- PostgreSQLには、少なくとも1つのスキーマ内にテンポラリーではない
オブジェクトを作る権限を持つ攻撃者が、任意のSQL関数をスーパーユーザー
として実行できてしまう脆弱性があります。(CVE-2020-25695)
- PostgreSQLには、インタラクティブな端末セッションが \gset を使う時、
攻撃者が任意のコードを psql を動かしているOSアカウントで動かしてしまう
脆弱性があります。(CVE-2020-25696)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2018-1058
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
CVE-2020-14349
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.
CVE-2020-14350
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
CVE-2020-1720
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.
CVE-2020-25694
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-25695
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-25696
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
追加情報:
N/A
ダウンロード:
SRPMS
- pgaudit-1.4.0-4.module+el8+1190+d5ebf102.src.rpm
MD5: fd55e932a98e690b9c05a60ba36e34db
SHA-256: 5771db512dc0eb985ee6dd6e0a13ed829e7ed18d7b21c7561db30ad225727270
Size: 42.03 kB - postgres-decoderbufs-0.10.0-2.module+el8+1190+d5ebf102.src.rpm
MD5: 1c6cc256c01fd8d5ad488246b5f94e9d
SHA-256: d225e2cbf4b8d826610bcf10afac537a7c8e32b58c93d604ecd34e9d25ff27c1
Size: 21.15 kB - postgresql-12.5-1.module+el8+1190+d5ebf102.src.rpm
MD5: be3c00a61bf643a14c56f15ba0dc6c61
SHA-256: a3ebfd5ad389e790a45df534d9074f46923e9c6a6d866284235d43051f20dc85
Size: 45.46 MB
Asianux Server 8 for x86_64
- pgaudit-1.4.0-4.module+el8+1190+d5ebf102.x86_64.rpm
MD5: f45efc256d6cd77952c4209da6e87540
SHA-256: fed6dae58673ef36ea61c7b9587191849d915f278d5d2d0bfbe129fa0378f191
Size: 26.82 kB - pgaudit-debugsource-1.4.0-4.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 09d70c0d5ab1ace529aef077b1ae4f72
SHA-256: 8907da0c658b1e84b9922493d1ba520060e4bccf73f9203a6c7d78c2c896ade2
Size: 22.75 kB - postgres-decoderbufs-0.10.0-2.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 4b453d7ae55dac20fce55051dc63b00c
SHA-256: c775a7a3b54737b06052f5b3087b2a8aecc02aa616c881142774ae4788fb8cec
Size: 21.84 kB - postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 279ceb946718063ea301b91baef10b7c
SHA-256: 540c1cc859390ac9c5252bc5a7585656eb4be0994e2c8b1cb4b40c92f487f9c3
Size: 16.82 kB - postgresql-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: aa763a0c965e921c02d18e1794eb6964
SHA-256: 669b26efb6e541230ae398ed7a5043b879ee207e45502e4d526205d068554484
Size: 1.49 MB - postgresql-contrib-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 26ae910879351ba3661f1d03e4e38db4
SHA-256: c0d77a34e306dae07774f55fbee6d8da227904a92ffaf76fd894fe4220a83437
Size: 865.52 kB - postgresql-debugsource-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: e08fda025f97003789b9625cd338903f
SHA-256: 71daf089dce5a78bf2a57bf55b765c79ab93c71d6fb80fe9cb128c4f86b22c1a
Size: 16.68 MB - postgresql-docs-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 2e3a30836e481e9df2ed40a33b61f68d
SHA-256: e93c4a289d78c33e7d0dbb998f19730bf3a3abcff7eca6161f83f1da7c7a03cf
Size: 9.43 MB - postgresql-plperl-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: bc1270844e5086faf572972090aba14c
SHA-256: 9ae46f0c358246ef6a6be65524da751b85cf43ffe7fbf59ff572da6c11998bb2
Size: 108.10 kB - postgresql-plpython3-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 14d24a34165423a238835654e7ba7b3d
SHA-256: fc3457e751c12481d7ae63f5f8ea699a83da54cc92e08c2453ffb87a6498e3d0
Size: 127.66 kB - postgresql-pltcl-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: a9a4246af623c34d2b4fc6fa89ab0efa
SHA-256: 2ea4b5ba0ff7fa931d147c0c1c2707f0aefb3899438db4b7e098322cfb50d609
Size: 83.63 kB - postgresql-server-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 3556cf13cc098623c38d61585d585611
SHA-256: 3e435ad68df59542418247b27b59600ff251f6c199207cb773cb2506773cd4b3
Size: 5.57 MB - postgresql-server-devel-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 3ae05ab3b06e835e386c007711630318
SHA-256: f05b6fd61636b283d6fc89f890e4d0dad1a0e789233ebac0d051255af34389c0
Size: 1.15 MB - postgresql-static-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: a4c000b8807b5b137536ef5d5471e61f
SHA-256: 145ca7151fdeaae91fe5e618592c420fc3e471ab5c9634144f5d9a47b8974622
Size: 163.54 kB - postgresql-test-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 0e7b973045773a1e7b8985730dff865c
SHA-256: 75d329a5952ba44b481d137086a0cc19ebb1f795351c33e5e6ed7167116e0400
Size: 1.91 MB - postgresql-test-rpm-macros-12.5-1.module+el8+1190+d5ebf102.noarch.rpm
MD5: 6a58db4ba93332c3feb16cacb87c1977
SHA-256: b2dd1097316f123d316dbac543d89acbd631a7417f000b782aabd9cd64944263
Size: 51.57 kB - postgresql-upgrade-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 9bf4fc4e493977cf7edc3a45c2476173
SHA-256: a78ef2584c33850ea42c5a414d89133728a11badc087f8da1bd01449b8a1dd05
Size: 4.07 MB - postgresql-upgrade-devel-12.5-1.module+el8+1190+d5ebf102.x86_64.rpm
MD5: 81c19068d65a61a98df6cd0473f2aad8
SHA-256: 843558ed615528fadaeb89d670bb4acfccdd9b5b2d9fcab6b0e4a64897c239af
Size: 1.06 MB
English