postgresql-9.2.13-1.el7
エラータID: AXSA:2015-224:01
リリース日:
2015/07/25 Saturday - 16:41
題名:
postgresql-9.2.13-1.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- PostgreSQL には二重解放が存在し,セッションのシャットダウンシーケン
スの間,認証タイムアウトが時間切れになった際に,SSL セッションをクロー
ズすることによって,リモートの攻撃者がサービス拒否 (クラッシュ) を引き
起こす脆弱性があります。(CVE-2015-3165)
- 現時点では CVE-2015-3166, CVE-2015-3167 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2015-3165
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
CVE-2015-3166
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2015-3167
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
追加情報:
N/A
ダウンロード:
SRPMS
- postgresql-9.2.13-1.el7.src.rpm
MD5: 1be08830de33b6ab8f7492ec4fcf2acf
SHA-256: cd4e1c9c3181b27291faf05f115dc51304d8b7ae72575ca08292b990dddc4d29
Size: 37.79 MB
Asianux Server 7 for x86_64
- postgresql-9.2.13-1.el7.x86_64.rpm
MD5: 74e65170048fabb070a6463ada9b4bbc
SHA-256: 948365b75be187d9ac2a73c3cd8cca9be39e03949c54e077dc7caa9799f34a81
Size: 2.98 MB - postgresql-contrib-9.2.13-1.el7.x86_64.rpm
MD5: 3391a5a490b374db39f31868188cfd74
SHA-256: 9a94d1e0dbed41cb7845eb3864baa1fc736ef04559c24cbc3dfee9814a1502d4
Size: 547.66 kB - postgresql-devel-9.2.13-1.el7.x86_64.rpm
MD5: 057260e80f4278ab7bad8d573a32c9e1
SHA-256: 56ea199ae9f49d9642b7386b16e5b438e8f5bb1f173355860b45710f943cb950
Size: 945.99 kB - postgresql-docs-9.2.13-1.el7.x86_64.rpm
MD5: b53f93464deaeec853588832598c7637
SHA-256: 96e2ab38e988415d9f9d99f325df92a98a18e1e58790ff2a8c0d71b8168d28d3
Size: 8.82 MB - postgresql-libs-9.2.13-1.el7.x86_64.rpm
MD5: 056de70b39919d48fbd278122a10229d
SHA-256: e7d2cc8c3a2ea209925bec5737f6b75ca99a52da2ce2035050fe3173a937d6e5
Size: 229.07 kB - postgresql-plperl-9.2.13-1.el7.x86_64.rpm
MD5: 08c53d8cd76563a0c707a7ec7d0c651a
SHA-256: a6a5c7446d67b79c8759450e218068fcc4fcdc56dab98d19294bd393c5604fb7
Size: 83.21 kB - postgresql-plpython-9.2.13-1.el7.x86_64.rpm
MD5: 11bea4f34bb450d1ec6f6bf6c4eabc4e
SHA-256: f77379ef8cf52417faf18cc0b9545c075dda03646b4361026d8a1e2a3e491e36
Size: 93.07 kB - postgresql-pltcl-9.2.13-1.el7.x86_64.rpm
MD5: ba3b7ce7be9ec333e43e5379a5eb9fea
SHA-256: 9522fcee2eeca4e58f6fa2754afd4da70340671b069e84eb0ecbf41e09738553
Size: 56.90 kB - postgresql-server-9.2.13-1.el7.x86_64.rpm
MD5: 314191e803c784806aae9849e37343e7
SHA-256: d50ae9b186a7a74b9c725cce91649d77f7dd26140ab1e5516d059204acbe2f72
Size: 3.81 MB - postgresql-test-9.2.13-1.el7.x86_64.rpm
MD5: e19c758b00e627436e08a284068114d0
SHA-256: 11b9f37234887626d6a8d896125f5dd28b0408868aa3be32d492f0cbbd82b11d
Size: 1.73 MB - postgresql-9.2.13-1.el7.i686.rpm
MD5: e8c28905fbf6d0f1bf186f3f7c0eb959
SHA-256: 0000e1f6197dc706067c237b854fd4462643dd0080e58ab43eec05cfaf3823dc
Size: 2.97 MB - postgresql-devel-9.2.13-1.el7.i686.rpm
MD5: 0ab3c86c6319a1a83e9a0df72f2f19b3
SHA-256: eae1443d63fa470f4244d3eebc41e167d3b271c47ed845cb754eaa4cfa42422f
Size: 939.82 kB - postgresql-libs-9.2.13-1.el7.i686.rpm
MD5: c68c587ea511d551e279ea87a7344913
SHA-256: e558fa24e53fef276b3f0a74e6d9e29e6ae7fad50d7af1fd61a69dcee117708c
Size: 228.90 kB