rh-postgresql95-postgresql-9.5.7-2.el7

エラータID: AXSA:2017-1726:01

リリース日: 
2017/07/05 Wednesday - 13:38
題名: 
rh-postgresql95-postgresql-9.5.7-2.el7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

PostgreSQL is an advanced Object-Relational database management system (DBMS).
The base postgresql package contains the client programs that you'll need to
access a PostgreSQL DBMS server, as well as HTML documentation for the whole
system. These client programs can be located on the same machine as the
PostgreSQL server, or on a remote machine that accesses a PostgreSQL server
over a network connection. The PostgreSQL server can be found in the
postgresql-server sub-package.

Security issues fixed with this release:

CVE-2017-7484
It was found that some selectivity estimation functions in PostgreSQL
before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before
9.5.7, and 9.6.x before 9.6.3 did not check user privileges before
providing information from pg_statistic, possibly leaking information.
An unprivileged attacker could use this flaw to steal some information
from tables they are otherwise not allowed to access.
CVE-2017-7485
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before
9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL
environment variable was no longer enforcing a SSL/TLS connection to a
PostgreSQL server. An active Man-in-the-Middle attacker could use this
flaw to strip the SSL/TLS protection from a connection between a
client and a server.
CVE-2017-7486
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in
pg_user_mappings view which discloses foreign server passwords to any
user having USAGE privilege on the associated foreign server.

The following packages have been upgraded to a later upstream version: rh-postgresql95-postgresql (9.5.7).

解決策: 

Update packages.

CVE: 
CVE-2017-7484
It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.
CVE-2017-7485
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.
CVE-2017-7486
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. rh-postgresql95-postgresql-9.5.7-2.el7.src.rpm
    MD5: 087697548c39b20202a102ebfc16d906
    SHA-256: d510fbabfedaca8daac251f58c08aa1cdc24b648bb5caca6acb547ceea701438
    Size: 25.67 MB

Asianux Server 7 for x86_64
  1. rh-postgresql95-postgresql-9.5.7-2.el7.x86_64.rpm
    MD5: 95ae7522134083d1a909dd68f070d960
    SHA-256: e0f1d12c8ee6ab0111962746b95e0b9900de6022ac254b355a81ce6249e0e940
    Size: 3.30 MB
  2. rh-postgresql95-postgresql-contrib-9.5.7-2.el7.x86_64.rpm
    MD5: 9c65f74e072b00db5e381c20836a8295
    SHA-256: ef878c6f1c15910d4382ea2124358e7fd00332cdba845a337cba0830d7102f10
    Size: 636.64 kB
  3. rh-postgresql95-postgresql-devel-9.5.7-2.el7.x86_64.rpm
    MD5: 06fd9225aa6d97073a62bf6a01d07aa8
    SHA-256: c0ddbd1b3e4c2b24dc929aa0bf039812fb43631faf3c9b6f807050095e6406b5
    Size: 1.10 MB
  4. rh-postgresql95-postgresql-docs-9.5.7-2.el7.x86_64.rpm
    MD5: 59b6b29e09a6ed909e7ee1d5e162a397
    SHA-256: d526cde6dd5f7a7fa6c8b2843b1096f76758e43776c168f18699873820e6d2f6
    Size: 10.18 MB
  5. rh-postgresql95-postgresql-libs-9.5.7-2.el7.x86_64.rpm
    MD5: f1aa981598b45f9b1e42b7bd482231f4
    SHA-256: 855226e6d4149936a203be34dfbbb572de36315ee42a50e8158a152976f21674
    Size: 245.52 kB
  6. rh-postgresql95-postgresql-plperl-9.5.7-2.el7.x86_64.rpm
    MD5: 9ba0e6f890777f8e3e5f05419ba8d114
    SHA-256: 63e05377372f1ae17b3207f176bc836c441fad5bb09b2644b96dd7724a5e5273
    Size: 89.61 kB
  7. rh-postgresql95-postgresql-plpython-9.5.7-2.el7.x86_64.rpm
    MD5: fd48e315915260ba5c1bacdfed307ef2
    SHA-256: 738dfe8d0eca00926daab4f292ec796d5511a8ecd5265b491f8b414c930e8068
    Size: 99.26 kB
  8. rh-postgresql95-postgresql-pltcl-9.5.7-2.el7.x86_64.rpm
    MD5: 1320d8f7db0395e3859d0ca74cfaba73
    SHA-256: f45524e8284f0ada8b564adbe3d62b90fd22586c688e3b89461ee74c589fe3e9
    Size: 63.52 kB
  9. rh-postgresql95-postgresql-server-9.5.7-2.el7.x86_64.rpm
    MD5: c5d89d5c59efca4f8e6a02580c248b9d
    SHA-256: 8748887f49639557a9ddcb3dc6860fecc63a7cd465709caf05386c8fc5cbee94
    Size: 4.31 MB
  10. rh-postgresql95-postgresql-static-9.5.7-2.el7.x86_64.rpm
    MD5: 933870a0be9ef2f134425bec210d0978
    SHA-256: dbab92b3843f53dcd178504105fce8f3730141335804b7429a16fab9e059db7d
    Size: 130.84 kB
  11. rh-postgresql95-postgresql-test-9.5.7-2.el7.x86_64.rpm
    MD5: 6787480c4e6e08863a4216cab6a7c9af
    SHA-256: dce1316d815a40cd9b6bbb81d871d4a9baa471279275c50ac44b1c95ef3e7d51
    Size: 1.45 MB