postgresql:10 security update
エラータID: AXSA:2022-3559:01
リリース日:
2022/07/19 Tuesday - 08:04
題名:
postgresql:10 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- postgresql には、clientcert オプションによる trust 認証
もしくは証明書認証を使用するように設定し、SSL 証明書の検証と
それを用いた暗号化を実施している場合においても、中間攻撃者に
よって接続が最初に確立された時に任意の SQL クエリの挿入が
可能となる脆弱性があります。(CVE-2021-23214)
Modularity name: postgresql
Stream name: 10
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2021-23214
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
追加情報:
N/A
ダウンロード:
SRPMS
- postgresql-10.19-1.module+el8+1458+b18b82b5.src.rpm
MD5: 77a91e7da85993e0638fc3c5f1407658
SHA-256: 78817d49fdf9bd82d398c0ec87a8930a9642492cc8125d10a6a748f26ef641f1
Size: 41.13 MB
Asianux Server 8 for x86_64
- postgresql-10.19-1.module+el8+1458+b18b82b5.x86_64.rpm
MD5: 127a674c7116797f33e42906d4c77d9c
SHA-256: adeddd1ef7902e8c52d611394055cd93c69ea0bb37f5bcb14fb370c058bae6b7
Size: 1.50 MB - postgresql-contrib-10.19-1.module+el8+1458+b18b82b5.x86_64.rpm
MD5: b98c527130688fc818a34db78678f60e
SHA-256: d70c22e50e30b512a2f766e583059a151123b634d0cba643df50a8ea4187e716
Size: 805.67 kB - postgresql-debugsource-10.19-1.module+el8+1458+b18b82b5.x86_64.rpm
MD5: 92d9e3a8771a536188725dfec532b2fc
SHA-256: 6db66ecf230575ca4b55f2ce0d9a558f0a2824b370ee9ee4780e2eb8ebfe4c04
Size: 14.47 MB - postgresql-docs-10.19-1.module+el8+1458+b18b82b5.x86_64.rpm
MD5: 5e2d2583b03a22965b71b3f3beb7e4ed
SHA-256: 5626a6d4c3d56cd3972d4ac4be89c986d6aa23c899d6697f261ab5dee7ea4e61
Size: 9.11 MB - postgresql-plperl-10.19-1.module+el8+1458+b18b82b5.x86_64.rpm
MD5: e6a90550128fe1b0aac7bee73d3c8d74
SHA-256: cbbe0a4cf3d157f431e943f3ce2fa85363875df4e2faf5d839860571d3874c32
Size: 101.19 kB - postgresql-plpython3-10.19-1.module+el8+1458+b18b82b5.x86_64.rpm
MD5: ce232310afd9c2a6206ff5981bb5bbdb
SHA-256: 8abed0acbb39abcaabbe1ac7e08fc5d379517984335ad96fd7419a1d13767b4f
Size: 120.89 kB - postgresql-pltcl-10.19-1.module+el8+1458+b18b82b5.x86_64.rpm
MD5: 526c39c059fb31745ad60944708880f9
SHA-256: 0cbb1db660d174d2637e516d34b703c10064d7b2a51c5b5a87deb318e91b11ef
Size: 77.21 kB - postgresql-server-10.19-1.module+el8+1458+b18b82b5.x86_64.rpm
MD5: 69be6c9811fcea38b43baa4a6c3fbbd1
SHA-256: c4b2680b95837ab0e62564da37475195dcc9953e818e4b6297a328c817825b5b
Size: 5.06 MB - postgresql-server-devel-10.19-1.module+el8+1458+b18b82b5.x86_64.rpm
MD5: 1933da6abf417c835729a12616885081
SHA-256: bc0afe643b32f4311cbecd837c6a9591e8d55e33f809addb34bfe9861cec60d4
Size: 1.09 MB - postgresql-static-10.19-1.module+el8+1458+b18b82b5.x86_64.rpm
MD5: 9ee0804dd1f8f691e8019647bb734fec
SHA-256: 438a0f250b3834f9dbc8929165608fd55e97006299e8422a35485f09de4044f5
Size: 125.96 kB - postgresql-test-10.19-1.module+el8+1458+b18b82b5.x86_64.rpm
MD5: b7ba7a9c0cc6090614097a8d9363e6d6
SHA-256: 7ba2ed931f433cfe93f918abe6065d0e7824df0f956c7d28ccbcdfe1fe8589fc
Size: 1.67 MB - postgresql-test-rpm-macros-10.19-1.module+el8+1458+b18b82b5.x86_64.rpm
MD5: 75d14c300f5bc311bd05e581a34d5c8f
SHA-256: ae0703fe8dce1715b386b2c2b802a7a28b747979bf602f5d68a4e3653be11248
Size: 48.42 kB - postgresql-upgrade-10.19-1.module+el8+1458+b18b82b5.x86_64.rpm
MD5: 5ff069edf9919c4e63812e230c2d80d9
SHA-256: 7917c012f712f6e6d638f3ec4164e09e14b9be1388fad7bfb531bf32d0a78fb2
Size: 3.34 MB - postgresql-upgrade-devel-10.19-1.module+el8+1458+b18b82b5.x86_64.rpm
MD5: 2df02d043b40c7f93de3667a9a631ef2
SHA-256: 77d925bb134ae4d7ce7a2d5105fbeadc8e751ab59d72a94824fd8b769faeaab5
Size: 759.80 kB