rh-postgresql94-postgresql-9.4.12-1.AXS4
Errata ID: AXSA:2017-1728:01
PostgreSQL is an advanced Object-Relational database management system (DBMS).
The base postgresql package contains the client programs that you'll need to
access a PostgreSQL DBMS server, as well as HTML documentation for the whole
system. These client programs can be located on the same machine as the
PostgreSQL server, or on a remote machine that accesses a PostgreSQL server
over a network connection. The PostgreSQL server can be found in the
postgresql-server sub-package.
Security issues fixed with this release
CVE-2017-7484
It was found that some selectivity estimation functions in PostgreSQL
before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before
9.5.7, and 9.6.x before 9.6.3 did not check user privileges before
providing information from pg_statistic, possibly leaking information.
An unprivileged attacker could use this flaw to steal some information
from tables they are otherwise not allowed to access.
CVE-2017-7485
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before
9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL
environment variable was no longer enforcing an SSL/TLS connection to a
PostgreSQL server. An active Man-in-the-Middle attacker could use this
flaw to strip the SSL/TLS protection from a connection between a
client and a server.
CVE-2017-7486
PostgreSQL versions 8.4 - 9.6 are vulnerable to an information leak in
the pg_user_mappings view, which discloses foreign server passwords to any
user having USAGE privilege on the associated foreign server.
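To triage CVE-2017-7485 across a fleet, the following added example (not part of the advisory or of PostgreSQL itself) flags clients whose only TLS requirement is PGREQUIRESSL on a client library version in the affected ranges listed above. The function names, result labels and sample inventory are constructed for illustration; it assumes TLS policy is set only through environment files (connection strings are not inspected) and relies on the documented libpq behaviour that setting PGSSLMODE suppresses PGREQUIRESSL.

```python
import re

# Fixed release per branch for CVE-2017-7485, taken from the advisory text.
FIXED_7485 = {(9, 3): 17, (9, 4): 12, (9, 5): 7, (9, 6): 3}
ENFORCING = {"require", "verify-ca", "verify-full"}  # sslmodes that refuse plaintext
# Constructed sample inventory: (client name, libpq version, environment file text).
SAMPLES = [
    ("batch-etl", "9.4.11", "export PGREQUIRESSL=1\nPGHOST=db.example.internal\n"),
    ("web-app", "9.4.11", "PGSSLMODE=verify-full\nPGREQUIRESSL=1\n"),
    ("reporting", "9.4.12", "# legacy setting\nPGREQUIRESSL=1\n"),
    ("cron-job", "9.4.12", "PGSSLMODE=prefer\nPGREQUIRESSL=1\n"),
]


def libpq_affected(version):
    """True if the version is in a range the advisory lists for CVE-2017-7485."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)
    fixed = FIXED_7485.get((major, minor))
    return fixed is not None and patch < fixed


def parse_env(text):
    """Parse KEY=VALUE lines (optional 'export' prefix), skipping comments."""
    env = {}
    for line in text.splitlines():
        line = re.sub(r"^export\s+", "", line.strip())
        key, sep, value = line.partition("=")
        if sep and not key.startswith("#"):
            env[key.strip()] = value.strip().strip("'\"")
    return env


def audit_client(libpq_version, env_text):
    """Classify one client's TLS policy: ok, not-enforced, exposed, legacy, no-tls-policy."""
    env = parse_env(env_text)
    if "PGSSLMODE" in env:  # PGSSLMODE overrides PGREQUIRESSL when both are set
        return "ok" if env["PGSSLMODE"].lower() in ENFORCING else "not-enforced"
    if env.get("PGREQUIRESSL") == "1":
        return "exposed" if libpq_affected(libpq_version) else "legacy"
    return "no-tls-policy"


if __name__ == "__main__":
    for name, ver, env_text in SAMPLES:
        print(name, ver, audit_client(ver, env_text))
```

Clients reported as "exposed" need the updated packages; "legacy" clients are enforced on a fixed build but still depend on the deprecated variable and are better moved to PGSSLMODE.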
The following packages have been upgraded to a later upstream version: rh-postgresql94-postgresql (9.4.12).
Update packages.
N/A
SRPMS
- rh-postgresql94-postgresql-9.4.12-1.AXS4.src.rpm
MD5: 12b48b0220e9d9db7d86c5400e9e709a
SHA-256: d3325a94db4d72008ef5dea03a834a673af7ef2b9dd13e0e08887799eaefa54c
Size: 24.40 MB
Asianux Server 4 for x86_64
- rh-postgresql94-postgresql-9.4.12-1.AXS4.x86_64.rpm
MD5: 7aeafad4eecf01f3adb61a9e3c8def20
SHA-256: 747aa653fb34fe7ba6f5c99d518001696418c9ea0c28de605f1d25f370414d1d
Size: 3.19 MB
- rh-postgresql94-postgresql-contrib-9.4.12-1.AXS4.x86_64.rpm
MD5: 3b7510c5d7129f43863bc093bf430491
SHA-256: 9046d325c78752d451caf3891041675ab166584ac5d3ee496677607477087032
Size: 522.43 kB
- rh-postgresql94-postgresql-devel-9.4.12-1.AXS4.x86_64.rpm
MD5: eaabe0017a236e9e3d4b8f0a5bc54065
SHA-256: 682a6456e7d51c7c70f6de7204fded2ddcbc907d5c2355c24e2d6b35a96a6305
Size: 1.01 MB
- rh-postgresql94-postgresql-docs-9.4.12-1.AXS4.x86_64.rpm
MD5: 3e65643400281c111490e52448d87f2f
SHA-256: b2f989ce69dd003dace80d726166843501e45fcdb4b93650219e3aa65c3d0188
Size: 9.87 MB
- rh-postgresql94-postgresql-libs-9.4.12-1.AXS4.x86_64.rpm
MD5: 98e79dcd8aa898999542e184d8f8a677
SHA-256: 8502ac9fab0df5866bc04fb81b35daadc528e05594a2b4d0785866835a29b953
Size: 224.82 kB
- rh-postgresql94-postgresql-plperl-9.4.12-1.AXS4.x86_64.rpm
MD5: ca2355751e00d2305d86a3e88d0bd2e3
SHA-256: dc52f27632cb95787fe52105c1afb93a05adb8b3320bf309324e5518df47c30f
Size: 84.19 kB
- rh-postgresql94-postgresql-plpython-9.4.12-1.AXS4.x86_64.rpm
MD5: 2c49d377dedd7f2ca64df189e43cf79d
SHA-256: 486d3be0b6b6cd96a9b26a8f48301d7e2448b1d7eb2736843b6553a23fcb23c3
Size: 93.51 kB
- rh-postgresql94-postgresql-pltcl-9.4.12-1.AXS4.x86_64.rpm
MD5: fd1774940a1ba1dd26664ddd7680cbfc
SHA-256: fdfc96e25a1f1ba80cd052332cd1831d444ccd9dda88de02ebf832c63ca83b56
Size: 58.48 kB
- rh-postgresql94-postgresql-server-9.4.12-1.AXS4.x86_64.rpm
MD5: a04c76ee6bdfbe5ed8f86c63596c2e76
SHA-256: aeecf38cc3412a0e705d928b530d9d6aae089905822759ce4c094177475340c3
Size: 4.59 MB
- rh-postgresql94-postgresql-test-9.4.12-1.AXS4.x86_64.rpm
MD5: 0e5f3c01cccce434f74efb342b65bcc0
SHA-256: b2da04dd3aad79fd8f5958af7edaf1626dc561f70e2d71b5ff03c1c7a39ba21b
Size: 2.18 MB
- rh-postgresql94-postgresql-upgrade-9.4.12-1.AXS4.x86_64.rpm
MD5: 99287b2fa0e6cf7bf3aa6c49bb23d181
SHA-256: 1f35e5ceca2879d4d052d0bcc577895036b07a1666b8fb5808ba5ae69cfd74db
Size: 79.67 kB