Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Red Hat RHSA-2020-5317-01 Important: PostgreSQL Security Update Critical

Calendar Dec 02, 2020 User Avatar LinuxSecurity Advisories
6 - 12 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory security update Red Hat update red hat important database threats postgresql software collection rh-postgresql
An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: rh-postgresql12-postgresql security update
Advisory ID:       RHSA-2020:5317-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5317
Issue date:        2020-12-02
CVE Names:         CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 
====================================================================
1. Summary:

An update for rh-postgresql12-postgresql is now available for Red Hat
Software Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system
(DBMS). 

The following packages have been upgraded to a later upstream version:
rh-postgresql12-postgresql (12.5).

Security Fix(es):

* postgresql: Reconnection can downgrade connection security settings
(CVE-2020-25694)

* postgresql: Multiple features escape "security restricted operation"
sandbox (CVE-2020-25695)

* postgresql: psql's gset allows overwriting specially treated variables
(CVE-2020-25696)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

1894423 - CVE-2020-25694 postgresql: Reconnection can downgrade connection security settings
1894425 - CVE-2020-25695 postgresql: Multiple features escape "security restricted operation" sandbox
1894430 - CVE-2020-25696 postgresql: psql's gset allows overwriting specially treated variables

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-postgresql12-postgresql-12.5-1.el7.src.rpm

ppc64le:
rh-postgresql12-postgresql-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.ppc64le.rpm

s390x:
rh-postgresql12-postgresql-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.s390x.rpm

x86_64:
rh-postgresql12-postgresql-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-postgresql12-postgresql-12.5-1.el7.src.rpm

ppc64le:
rh-postgresql12-postgresql-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.ppc64le.rpm

s390x:
rh-postgresql12-postgresql-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.s390x.rpm

x86_64:
rh-postgresql12-postgresql-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
rh-postgresql12-postgresql-12.5-1.el7.src.rpm

ppc64le:
rh-postgresql12-postgresql-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.ppc64le.rpm

s390x:
rh-postgresql12-postgresql-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.s390x.rpm

x86_64:
rh-postgresql12-postgresql-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-postgresql12-postgresql-12.5-1.el7.src.rpm

x86_64:
rh-postgresql12-postgresql-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25694
https://access.redhat.com/security/cve/CVE-2020-25695
https://access.redhat.com/security/cve/CVE-2020-25696
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX8dvTtzjgjWX9erEAQhKTw/+OUqM8is9vY+5tRDbnzQZh2+NqU4J9yHq
sg83O3N0JngAwacxYqtEaXbiumCrC3gO3pvr5B8O0Jn8QEgXyEJ1LWFjIL5iLCwE
bMaTrxamwwRdteMRUMYKRAvdoTRC950iE55nMMNf+iy3tkP/vIyaXeT+HypmUCtW
Tsh2g3VURC03TvToKbc2du3l+dtDcPY6d5es/F5nBdfPrDhsph1mkeq29JpQfgCZ
rUy9OjLk+JDveL8BCZyXdlMxhizCiZp9KcnYqQlq22SoJORIgrmUUtTErCO2h+3v
yWZbImY+qSDoeFfYenCpje3/SsbUaWOi0J9mM6SgWWyEqM2n7oPyXto3YrmqUZB6
ZEQXPHeHVo0EBU8YPmlCYq9vSqCuWGh66eMTtQ+opWdLzii5FnsGDBU44acddSc+
VnG1Iyw/LIiJfEsaeWi0uioSgMkKSMa84oo0VIUu3S6oiDY1F68964USNyfOgKl5
A3YRYWNuTRtKYIjIwTujKstgww79du5hW9AI/XosPhY7zzbK2HzNzoD2VAVlVemv
F/iHwvO7I6+qAZIg4IN3yO1mggp2K1MXtOMzm5cHGWXhxWW60UuiK4ROCPxHHYix
0/KI95bT86derr1QtzjCZpPVNMEN2WAA/Xee/bB/VN2la/T9bYo/HWRX7gW4n7r8
dB3JhyhOA+Y=tvzJ
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.

Red Hat RHSA-2020-5317-01 Important: PostgreSQL Security Update Critical

red hat
Calendar Grey December 2, 2020
Dist Redhat Esm H88
A critical security patch for rh-mysql56-mysql improves defense against newly identified vulnerabilities.
An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update.

Summary

PostgreSQL is an advanced object-relational database management system (DBMS).
The following packages have been upgraded to a later upstream version: rh-postgresql12-postgresql (12.5).
Security Fix(es):
* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)
* postgresql: Multiple features escape "security restricted operation" sandbox (CVE-2020-25695)
* postgresql: psql's gset allows overwriting specially treated variables (CVE-2020-25696)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory security update Red Hat update red hat important database threats postgresql software collection rh-postgresql

References

https://access.redhat.com/security/cve/CVE-2020-25694 https://access.redhat.com/security/cve/CVE-2020-25695 https://access.redhat.com/security/cve/CVE-2020-25696 https://access.redhat.com/security/updates/classification/#important

Package List

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-postgresql12-postgresql-12.5-1.el7.src.rpm
ppc64le: rh-postgresql12-postgresql-12.5-1.el7.ppc64le.rpm rh-postgresql12-postgresql-contrib-12.5-1.el7.ppc64le.rpm rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.ppc64le.rpm rh-postgresql12-postgresql-debuginfo-12.5-1.el7.ppc64le.rpm rh-postgresql12-postgresql-devel-12.5-1.el7.ppc64le.rpm rh-postgresql12-postgresql-docs-12.5-1.el7.ppc64le.rpm rh-postgresql12-postgresql-libs-12.5-1.el7.ppc64le.rpm rh-postgresql12-postgresql-plperl-12.5-1.el7.ppc64le.rpm rh-postgresql12-postgresql-plpython-12.5-1.el7.ppc64le.rpm rh-postgresql12-postgresql-pltcl-12.5-1.el7.ppc64le.rpm rh-postgresql12-postgresql-server-12.5-1.el7.ppc64le.rpm rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.ppc64le.rpm rh-postgresql12-postgresql-static-12.5-1.el7.ppc64le.rpm rh-postgresql12-postgresql-syspaths-12.5-1.el7.ppc64le.rpm rh-postgresql12-postgresql-test-12.5-1.el7.ppc64le.rpm
s390x: rh-postgresql12-postgresql-12.5-1.el7.s390x.rpm rh-postgresql12-postgresql-contrib-12.5-1.el7.s390x.rpm rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.s390x.rpm rh-postgresql12-postgresql-debuginfo-12.5-1.el7.s390x.rpm rh-postgresql12-postgresql-devel-12.5-1.el7.s390x.rpm

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2020:5317-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5317
Issue date: 2020-12-02

Topic

An update for rh-postgresql12-postgresql is now available for Red HatSoftware Collections.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory security update Red Hat update red hat important database threats postgresql software collection rh-postgresql

Relevant Releases Architectures

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

Bugs Fixed

1894423 - CVE-2020-25694 postgresql: Reconnection can downgrade connection security settings

1894425 - CVE-2020-25695 postgresql: Multiple features escape "security restricted operation" sandbox

1894430 - CVE-2020-25696 postgresql: psql's gset allows overwriting specially treated variables

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here