rh-postgresql95-postgresql-9.5.7-2.el7
Errata ID: AXSA:2017-1726:01
PostgreSQL is an advanced Object-Relational database management system (DBMS).
The base postgresql package contains the client programs that you'll need to
access a PostgreSQL DBMS server, as well as HTML documentation for the whole
system. These client programs can be located on the same machine as the
PostgreSQL server, or on a remote machine that accesses a PostgreSQL server
over a network connection. The PostgreSQL server can be found in the
postgresql-server sub-package.
Security issues fixed with this release:
CVE-2017-7484
It was found that some selectivity estimation functions in PostgreSQL
before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before
9.5.7, and 9.6.x before 9.6.3 did not check user privileges before
providing information from pg_statistic, possibly leaking information.
An unprivileged attacker could use this flaw to steal some information
from tables they are otherwise not allowed to access.
CVE-2017-7485
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before
9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL
environment variable was no longer enforcing an SSL/TLS connection to a
PostgreSQL server. An active Man-in-the-Middle attacker could use this
flaw to strip the SSL/TLS protection from a connection between a
client and a server.
CVE-2017-7486
PostgreSQL versions 8.4 - 9.6 are vulnerable to an information leak in
the pg_user_mappings view, which discloses foreign server passwords to
any user having USAGE privilege on the associated foreign server.
The following packages have been upgraded to a later upstream version: rh-postgresql95-postgresql (9.5.7).
Update packages.
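The following post-update audit is an added example, not part of the original advisory or of the PostgreSQL project's own code. It assumes a superuser session on a 9.5-series server (pg_stat_ssl exists from 9.5 onward) and foreign-data wrappers that keep the credential in a `password` user-mapping option, as postgres_fdw does.

```sql
-- 1. Confirm the running server is at or past the fixed 9.5 release.
--    server_version_num encodes 9.5.7 as 90507.
SELECT current_setting('server_version')                  AS running_version,
       current_setting('server_version_num')::int >= 90507 AS has_9_5_7_fixes;

-- 2. CVE-2017-7485: do not trust the client environment alone.
--    Ask the server whether THIS session is actually encrypted.
SELECT ssl, version AS tls_version, cipher
FROM pg_stat_ssl
WHERE pid = pg_backend_pid();

-- 3. CVE-2017-7486: list non-superuser roles holding USAGE on a foreign
--    server, with the number of user mappings on that server that store
--    a password. These are the credentials the flawed view could expose.
SELECT s.srvname     AS foreign_server,
       r.rolname     AS role_with_usage,
       count(um.oid) AS mappings_with_password
FROM pg_foreign_server s
JOIN pg_roles r
  ON has_server_privilege(r.oid, s.oid, 'USAGE')
LEFT JOIN pg_user_mapping um
  ON um.umserver = s.oid
 AND EXISTS (SELECT 1
             FROM unnest(um.umoptions) AS opt
             WHERE opt LIKE 'password=%')
WHERE NOT r.rolsuper
GROUP BY s.srvname, r.rolname
ORDER BY s.srvname, r.rolname;

-- 4. CVE-2017-7484: tables that have planner statistics and are owned by
--    someone else, i.e. the data the selectivity estimators read from
--    pg_statistic. Use the list to decide which tables matter most.
SELECT n.nspname AS schema_name,
       c.relname AS table_name,
       pg_get_userbyid(c.relowner) AS owner
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind = 'r'
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND EXISTS (SELECT 1 FROM pg_statistic st WHERE st.starelid = c.oid)
ORDER BY 1, 2;
```

Rows returned by query 3 with a non-zero count identify foreign-server passwords that were readable by the listed role before the update.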
SRPMS
- rh-postgresql95-postgresql-9.5.7-2.el7.src.rpm
MD5: 087697548c39b20202a102ebfc16d906
SHA-256: d510fbabfedaca8daac251f58c08aa1cdc24b648bb5caca6acb547ceea701438
Size: 25.67 MB
Asianux Server 7 for x86_64
- rh-postgresql95-postgresql-9.5.7-2.el7.x86_64.rpm
MD5: 95ae7522134083d1a909dd68f070d960
SHA-256: e0f1d12c8ee6ab0111962746b95e0b9900de6022ac254b355a81ce6249e0e940
Size: 3.30 MB
- rh-postgresql95-postgresql-contrib-9.5.7-2.el7.x86_64.rpm
MD5: 9c65f74e072b00db5e381c20836a8295
SHA-256: ef878c6f1c15910d4382ea2124358e7fd00332cdba845a337cba0830d7102f10
Size: 636.64 kB
- rh-postgresql95-postgresql-devel-9.5.7-2.el7.x86_64.rpm
MD5: 06fd9225aa6d97073a62bf6a01d07aa8
SHA-256: c0ddbd1b3e4c2b24dc929aa0bf039812fb43631faf3c9b6f807050095e6406b5
Size: 1.10 MB
- rh-postgresql95-postgresql-docs-9.5.7-2.el7.x86_64.rpm
MD5: 59b6b29e09a6ed909e7ee1d5e162a397
SHA-256: d526cde6dd5f7a7fa6c8b2843b1096f76758e43776c168f18699873820e6d2f6
Size: 10.18 MB
- rh-postgresql95-postgresql-libs-9.5.7-2.el7.x86_64.rpm
MD5: f1aa981598b45f9b1e42b7bd482231f4
SHA-256: 855226e6d4149936a203be34dfbbb572de36315ee42a50e8158a152976f21674
Size: 245.52 kB
- rh-postgresql95-postgresql-plperl-9.5.7-2.el7.x86_64.rpm
MD5: 9ba0e6f890777f8e3e5f05419ba8d114
SHA-256: 63e05377372f1ae17b3207f176bc836c441fad5bb09b2644b96dd7724a5e5273
Size: 89.61 kB
- rh-postgresql95-postgresql-plpython-9.5.7-2.el7.x86_64.rpm
MD5: fd48e315915260ba5c1bacdfed307ef2
SHA-256: 738dfe8d0eca00926daab4f292ec796d5511a8ecd5265b491f8b414c930e8068
Size: 99.26 kB
- rh-postgresql95-postgresql-pltcl-9.5.7-2.el7.x86_64.rpm
MD5: 1320d8f7db0395e3859d0ca74cfaba73
SHA-256: f45524e8284f0ada8b564adbe3d62b90fd22586c688e3b89461ee74c589fe3e9
Size: 63.52 kB
- rh-postgresql95-postgresql-server-9.5.7-2.el7.x86_64.rpm
MD5: c5d89d5c59efca4f8e6a02580c248b9d
SHA-256: 8748887f49639557a9ddcb3dc6860fecc63a7cd465709caf05386c8fc5cbee94
Size: 4.31 MB
- rh-postgresql95-postgresql-static-9.5.7-2.el7.x86_64.rpm
MD5: 933870a0be9ef2f134425bec210d0978
SHA-256: dbab92b3843f53dcd178504105fce8f3730141335804b7429a16fab9e059db7d
Size: 130.84 kB
- rh-postgresql95-postgresql-test-9.5.7-2.el7.x86_64.rpm
MD5: 6787480c4e6e08863a4216cab6a7c9af
SHA-256: dce1316d815a40cd9b6bbb81d871d4a9baa471279275c50ac44b1c95ef3e7d51
Size: 1.45 MB