postgresql:10 security update
エラータID: AXSA:2021-2311:01
リリース日:
2021/08/10 Tuesday - 10:18
題名:
postgresql:10 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- postgresql には、特定の SQL 配列の値を変更する際に境界チェックをしないため、
認証されたデータベースユーザーがサーバーメモリの広範囲に任意のバイトを
書き込むことができる脆弱性があります。(CVE-2021-32027)
現時点では CVE-2021-32028 の情報が公開されておりません。CVE の情報が公開され次第情報をアップデートいたします。
Modularity name: postgresql
Stream name: 10
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2021-32027
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-32028
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
追加情報:
N/A
ダウンロード:
SRPMS
- postgresql-10.17-1.module+el8+1273+d6182f72.src.rpm
MD5: 49b8663bb9ad4e1fc30ba9aa473c50dd
SHA-256: 6cf00fd262fdb5473f0358bd08ae1069e9cde3a31752da2609918cc1ffa67a2c
Size: 40.98 MB
Asianux Server 8 for x86_64
- postgresql-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
MD5: 988a27bc1ddb23d8b87ba6f465c81c01
SHA-256: 13c3686976565b50114b2763ccee4daef6f1405cb1afd341b97a4303b1c5469a
Size: 1.50 MB - postgresql-contrib-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
MD5: ffb89639535d240ddce217fb9ca4b885
SHA-256: b9fb29d29c17aa19106c33224de739f609a27b803d3c6929e21f26269711c6a2
Size: 804.57 kB - postgresql-debugsource-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
MD5: 637e9b16c65354362eb927f32efde032
SHA-256: dad4439c9aec8ab9edeca422d0bac20323aa72c94239d31cfcbced031baaaceb
Size: 14.53 MB - postgresql-docs-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
MD5: 063997935632f223c82543f85d9b284a
SHA-256: 475b7837418ca808c0bb6979a86aa306fd7388e2c93b1eecc66660b3383a4c11
Size: 9.05 MB - postgresql-plperl-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
MD5: a7eca08b72f6e560bbb19c5d63454828
SHA-256: c45ac1cac7647a1cbc2ae0175852427ded3b4ed19ad62dab3b159baeafd6f624
Size: 100.55 kB - postgresql-plpython3-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
MD5: 30fd85257641b2d5e90386fcbea09974
SHA-256: b98f83edbcdbf91be9dc9547fb5434dc13a3e5de1a25c36299a215925fe17352
Size: 120.29 kB - postgresql-pltcl-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
MD5: f6b71f69992ad0260df5aad7408355b4
SHA-256: 61f37016dff4faff88f15ae3b770e81ed3e3cc679f8fd434f6906e8a8a039f50
Size: 76.76 kB - postgresql-server-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
MD5: 36d062059f3d0860a5926ce97e0c8c5f
SHA-256: 5261418ca1b4d9dd6a2118a94c8bb8701fb17ac6ea83d6373cc03d3195778b61
Size: 5.06 MB - postgresql-server-devel-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
MD5: 948ebc70bb95d7cd973bf3f0622ea915
SHA-256: b61b188a9f2525d7ff17101d942a8ddfc99627086ced6e625775899b95acf98e
Size: 1.09 MB - postgresql-static-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
MD5: 0f6bfef97ed4c336a9b272092f8d3e5d
SHA-256: d680f09128816fd4af59b48572200f8dfa8df290b2439acf400784f59d2e7e0e
Size: 125.32 kB - postgresql-test-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
MD5: 2a42b84805537685db9642d72f4bd9d9
SHA-256: 1bfe0292f5cee5261176cb29e78ac3e451d33c92d1f7934e94f69e4cebdcd42d
Size: 1.67 MB - postgresql-test-rpm-macros-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
MD5: d2763a95471b830d15d132fc178a4fc8
SHA-256: c79822298a1b7c38b12ab2c9e4a7f93b547a7adffe67c6ddfe6b72ff851b1d29
Size: 47.91 kB - postgresql-upgrade-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
MD5: a8f55cabda958de0ac97adb7015044bc
SHA-256: c3090abb172aff9b0bb8c1063e7ff75262b0a12ac7abe7fc0d5e68903c619fd1
Size: 3.36 MB - postgresql-upgrade-devel-10.17-1.module+el8+1273+d6182f72.x86_64.rpm
MD5: 2c47dc92976ebd67233fb4f2da16e12e
SHA-256: 4ebd5eef4dce1cf787b35d2d08e334c7586c5c91bb3927cdb320ee89bdf9d5f5
Size: 759.30 kB