postgresql:13 security update
エラータID: AXSA:2021-2338:01
リリース日:
2021/08/11 Wednesday - 12:27
題名:
postgresql:13 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- postgresql には、特定の SQL 配列の値を変更する際に境界チェックをしないため、
認証されたデータベースユーザーがサーバーメモリの広範囲に任意のバイトを書き込む
ことができる脆弱性があります。(CVE-2021-32027)
現時点では CVE-2021-32028、CVE-2021-32029 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
Modularity name: postgresql
Stream name: 13
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2021-32027
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-32028
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-32029
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
追加情報:
N/A
ダウンロード:
SRPMS
- pgaudit-1.5.0-1.module+el8+1284+800b8f56.src.rpm
MD5: 4f04c765b757a2a7649cedd7ddea6b57
SHA-256: 209f4d575e9f9b0ce952a42ee4df18b86ed0a71f6d0a2245eed780801c1a37d0
Size: 42.62 kB - postgres-decoderbufs-0.10.0-2.module+el8+1284+800b8f56.src.rpm
MD5: cbaaafd77d464737732b595db0e4e0d2
SHA-256: 536d9f4f108be8f5adda5816c8946df8b7d57c956dfbd3fbdcd223a1698ad439
Size: 21.15 kB - postgresql-13.3-1.module+el8+1284+800b8f56.src.rpm
MD5: 2544767c719821d81d052365fdee7c0f
SHA-256: 6e5c194a51c84052947ef8b64f819f77050c4d442a99a2f39d50fd6694246279
Size: 47.56 MB
Asianux Server 8 for x86_64
- pgaudit-1.5.0-1.module+el8+1284+800b8f56.x86_64.rpm
MD5: 4cfd4cb3f33ed37ddb7015c2a97a6e99
SHA-256: c1bf1704e0dd92261926c5266c911cbd5fd1c9acbffad4fb2b8ff24aae6f2c82
Size: 27.03 kB - pgaudit-debugsource-1.5.0-1.module+el8+1284+800b8f56.x86_64.rpm
MD5: 5373c8f647cd2a0eb4a3e35f09e65524
SHA-256: dd36c322275185d7202455af3efc29c9a8c1d6596e3c93e4a59b1669525aedd5
Size: 22.82 kB - postgres-decoderbufs-0.10.0-2.module+el8+1284+800b8f56.x86_64.rpm
MD5: 459739d271298ccb496462a8e4df77b4
SHA-256: 2ec089bc8bda0dd0f010f3f57fb000f1bb7944ca34b657acf1045c4c1351fd41
Size: 21.90 kB - postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1284+800b8f56.x86_64.rpm
MD5: 68454631de8522dc4f6d65b2e001d30b
SHA-256: e7a2167842a01788ae16d3a8a0c49c845be65556aa9b9fce110ef2cef352b12b
Size: 16.82 kB - postgresql-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
MD5: b2ab04969362015d78773637cef5cbb6
SHA-256: b8bbb6292aa2304ff52ed93a2f9c1eb50200664993e78ac778c8c4da76b1bba0
Size: 1.53 MB - postgresql-contrib-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
MD5: 0480e7c60d3d9e077d5ec903eb2f0bcd
SHA-256: cd010ec72032349f61902708d9bf8ff3c2b5245bde09795d2497ad0849b4c317
Size: 874.30 kB - postgresql-debugsource-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
MD5: 3a8cea6475a9530fba4997f07f39c567
SHA-256: b96f61d02f847fb1c032d7b19f55c7e309e5981375d04921b114389a8261ed9b
Size: 17.53 MB - postgresql-docs-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
MD5: 05eff539a026914a76074240dd01dff2
SHA-256: 0af027b6bc4b31926f22ed69c66898cc1c616f32042f3963aeae23621fc1017b
Size: 9.54 MB - postgresql-plperl-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
MD5: 87f68902cc891183879d2eb5d7f51c65
SHA-256: fe11d7918c169e689e0396989e4fa64b1455ace74a68772fc826da83d2c4fee0
Size: 111.23 kB - postgresql-plpython3-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
MD5: 73a6edec2ce825c0096cd8d9ba83280e
SHA-256: c0b62ae9dfabf3d88bc403d599ba2d1376ca7077658650c3c4c2a67ae4170663
Size: 127.21 kB - postgresql-pltcl-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
MD5: 6038c735406ae1e02acd0751a33d220c
SHA-256: cb26981b674dce444c947261bd85a567e0830bc253e4e19b90559eea40d40f8b
Size: 84.12 kB - postgresql-server-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
MD5: 005c175c42640e167fe22bcc6506dcd6
SHA-256: adea66cf674a0249dd3c0f2d9a876968e571db0e1be830a4f01834f8200748c9
Size: 5.64 MB - postgresql-server-devel-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
MD5: 158398e6d777fb2c1e90ff65911b7bd0
SHA-256: 3a77f19622ac2c5408211bc8acfc118c16cf9063cd647b6513b9cec13813418d
Size: 1.18 MB - postgresql-static-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
MD5: 82bcd76b8931f17016e7c18e00ef7b9d
SHA-256: 4315420a2473f5fb734b16cc66d10ded6d56a23877b74d42980f01cb9ace4b51
Size: 188.29 kB - postgresql-test-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
MD5: 0aaf97e015aea380971493ce5debf02d
SHA-256: da5c4d294bfb4c296a1c865a5ac3472bbaec351a56949d7616a5fc12c84eeca4
Size: 1.99 MB - postgresql-test-rpm-macros-13.3-1.module+el8+1284+800b8f56.noarch.rpm
MD5: cf175ba930dd5c97d50741b07e3a05f8
SHA-256: 636bc9069e3c5b71bbb8ad8332b93f643a7cd2414327aacb0be490eccec0eb4e
Size: 51.73 kB - postgresql-upgrade-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
MD5: 37ab7359c393f3e53775d6679e8606f3
SHA-256: ca2dd5cfd96d2aaca31e458202a96281a15a7fb05cdc0c842be2462b5b8aa3cd
Size: 4.39 MB - postgresql-upgrade-devel-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
MD5: 66d1296dd7a773d28f78ea288788a3e9
SHA-256: fcdf2a42a63e8c83cc9b2c2a112524aa0277b574c471dab55be6983c89356a47
Size: 1.10 MB