postgresql-8.4.20-8.0.1.AXS4
Errata ID: AXSA:2021-1754:02
Release date:
2021/05/19 Wednesday - 07:09
Title:
postgresql-8.4.20-8.0.1.AXS4
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
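The following issues have been addressed.
[Security Fix]
- PostgreSQL has an issue where arbitrary SQL statements can be executed
given a suitable SECURITY DEFINER function, so an attacker with EXECUTE
permission can execute arbitrary SQL as the owner of the function. (CVE-2019-10208)
- PostgreSQL has a vulnerability where, if a client application that creates
additional database connections reuses only the basic connection parameters
without the security-relevant parameters, an attacker is given an opportunity
for a man-in-the-middle attack or to observe clear-text transmissions. (CVE-2020-25694)
- PostgreSQL has a vulnerability where an attacker with permission to create
non-temporary objects in at least one schema can execute arbitrary SQL
functions as a superuser. (CVE-2020-25695)
Solution:
Update the packages.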
CVE:
CVE-2019-10208
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
CVE-2020-25694
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-25695
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Additional information:
N/A
Download:
SRPMS
- postgresql-8.4.20-8.0.1.AXS4.src.rpm
Size: 20.61 MB
Asianux Server 4 for x86
- postgresql-8.4.20-8.0.1.AXS4.i686.rpm
Size: 2.58 MB
- postgresql-contrib-8.4.20-8.0.1.AXS4.i686.rpm
Size: 350.43 kB
- postgresql-devel-8.4.20-8.0.1.AXS4.i686.rpm
Size: 810.93 kB
- postgresql-docs-8.4.20-8.0.1.AXS4.i686.rpm
Size: 6.95 MB
- postgresql-libs-8.4.20-8.0.1.AXS4.i686.rpm
Size: 205.29 kB
- postgresql-plperl-8.4.20-8.0.1.AXS4.i686.rpm
Size: 57.32 kB
- postgresql-plpython-8.4.20-8.0.1.AXS4.i686.rpm
Size: 58.00 kB
- postgresql-pltcl-8.4.20-8.0.1.AXS4.i686.rpm
Size: 46.25 kB
- postgresql-server-8.4.20-8.0.1.AXS4.i686.rpm
Size: 3.41 MB
- postgresql-test-8.4.20-8.0.1.AXS4.i686.rpm
Size: 1.11 MB
Asianux Server 4 for x86_64
- postgresql-8.4.20-8.0.1.AXS4.x86_64.rpm
Size: 2.59 MB
- postgresql-contrib-8.4.20-8.0.1.AXS4.x86_64.rpm
Size: 353.79 kB
- postgresql-devel-8.4.20-8.0.1.AXS4.x86_64.rpm
Size: 815.46 kB
- postgresql-docs-8.4.20-8.0.1.AXS4.x86_64.rpm
Size: 6.95 MB
- postgresql-libs-8.4.20-8.0.1.AXS4.x86_64.rpm
Size: 201.44 kB
- postgresql-plperl-8.4.20-8.0.1.AXS4.x86_64.rpm
Size: 57.10 kB
- postgresql-plpython-8.4.20-8.0.1.AXS4.x86_64.rpm
Size: 58.73 kB
- postgresql-pltcl-8.4.20-8.0.1.AXS4.x86_64.rpm
Size: 46.02 kB
- postgresql-server-8.4.20-8.0.1.AXS4.x86_64.rpm
Size: 3.44 MB
- postgresql-test-8.4.20-8.0.1.AXS4.x86_64.rpm
Size: 1.11 MB
- postgresql-8.4.20-8.0.1.AXS4.i686.rpm
Size: 2.58 MB
- postgresql-devel-8.4.20-8.0.1.AXS4.i686.rpm
Size: 810.93 kB
- postgresql-libs-8.4.20-8.0.1.AXS4.i686.rpm
Size: 205.29 kB