postgresql-9.2.23-1.el7
エラータID: AXSA:2017-2243:02
リリース日:
2017/09/15 Friday - 11:04
題名:
postgresql-9.2.23-1.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- PostgreSQLには、空のパスワードでリモート攻撃者にアクセスを許してしまう、誤った認証に関する脆弱性があります。 (CVE-2017-7546)
- PostgreSQLには、実際には権限を持っていない外部のサーバの所有者によって定義されたユーザマッピングから、リモートの認証された攻撃者がパスワードを取得することを許してしまう脆弱性があります。(CVE-2017-7547)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
Update packages.
CVE:
CVE-2017-7546
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.
CVE-2017-7547
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.
追加情報:
N/A
ダウンロード:
SRPMS
- postgresql-9.2.23-1.el7.src.rpm
MD5: 503b9e8cdbe348b2f3e05ae8c1491e71
SHA-256: 489d927aa06924ac64b8bb2eea521b17b112c44c764f7ed1b6d12e574ec5a8ea
Size: 35.93 MB
Asianux Server 7 for x86_64
- postgresql-9.2.23-1.el7.x86_64.rpm
MD5: 13f91c69b132514408f2b746b9d46a25
SHA-256: 25f67c53d8d99a13de37accf20e0f20cf093bf910b57cd2fe891cdd9ef5c645f
Size: 3.03 MB - postgresql-contrib-9.2.23-1.el7.x86_64.rpm
MD5: 68b68cbc2f44b038a0104af59da9343a
SHA-256: fc44edbdb3eb5f7d950f9e0deb2c4f0b86c5f48b7ff39e81bbdfc9d0bf89903d
Size: 550.98 kB - postgresql-devel-9.2.23-1.el7.x86_64.rpm
MD5: f91f3575329ba34a822383c8c1ba5f35
SHA-256: d6160330b953a1855b3add79c1747c7a0e5ffd909da8a2f4610f6b7550c3a9c2
Size: 950.63 kB - postgresql-docs-9.2.23-1.el7.x86_64.rpm
MD5: 814b7fc329234439ed66d39d8bed06d8
SHA-256: 1c324bd51fdf43cdba2944a7b28c01eb14297c5cc520743308c8ae7866092a46
Size: 6.86 MB - postgresql-libs-9.2.23-1.el7.x86_64.rpm
MD5: 92f257fe3e806ec7c400165bdf246f01
SHA-256: 553c96e2ed7b855f4e9d15669bef837d1e7722e8fe30ddf2290ee8d623292f70
Size: 232.52 kB - postgresql-plperl-9.2.23-1.el7.x86_64.rpm
MD5: 0c46be8b6a2bacddc782d66c81d5d916
SHA-256: ecfebfdbc1956fbf43b66231ae020cbaf7fcfd91e8c298b445c2cc0bd5bbe73b
Size: 82.07 kB - postgresql-plpython-9.2.23-1.el7.x86_64.rpm
MD5: 578a9bb65d2496d37a8cd38d501c0554
SHA-256: 2114238b39e836d000b3dcad0bb84306cc374fa3f2a0625404bd52f5a1405cdb
Size: 95.01 kB - postgresql-pltcl-9.2.23-1.el7.x86_64.rpm
MD5: 6b64314ef797032c73e37a6d333e1b48
SHA-256: 5975fd98f71372e81428817fe3c98c49f976a06140f5994ee32d40b382126b42
Size: 58.29 kB - postgresql-server-9.2.23-1.el7.x86_64.rpm
MD5: 12c13cbb46b76052b68d7daa34b584e5
SHA-256: 63f29b72ad312e2b54a6df8f70eab5dd229abe41bfd12ceac879f13ebe73f01b
Size: 3.78 MB - postgresql-test-9.2.23-1.el7.x86_64.rpm
MD5: 56bb13e8c70c2dc8d7db29b44aac701c
SHA-256: 595637fcdc769176dd1c39a74d95bfd171a689abb7d662f02956d2e0fea73eb9
Size: 1.76 MB - postgresql-9.2.23-1.el7.i686.rpm
MD5: 94ec1cf23c50979b07aa7b5d02f550da
SHA-256: 8dcf1fef4b45ed163c3e57863dee75e093d440bc79583c6d5c68210cc767ae77
Size: 3.01 MB - postgresql-devel-9.2.23-1.el7.i686.rpm
MD5: 07e34729ec85e3f080eb58f770288edd
SHA-256: dbf574e1641df4b81feb2007c17a9ade90c83bfd1ad5fdbb77c5a50204300ff7
Size: 944.64 kB - postgresql-libs-9.2.23-1.el7.i686.rpm
MD5: fa5fbd6129a0d64ae5614af0d448697a
SHA-256: 15408ea170f12429ae9167d6588daf148e9d0a3fccc16a59ada40034a0916f27
Size: 232.14 kB