Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
98
security advisorysecurity updateRed Hat Enterprise LinuxRed Hat: RHSA-2021:0165-01 Critical: libpq Security Fix
An update for libpq is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: libpq security update Advisory ID: RHSA-2021:0165-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0165 Issue date: 2021-01-18 CVE Names: CVE-2020-25694 CVE-2020-25696 ==================================================================== 1. Summary: An update for libpq is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. The following packages have been upgraded to a later upstream version: libpq (12.5). (BZ#1898226, BZ#1901561) Security Fix(es): * postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694) * postgresql: psql's gset allows overwriting specially treated variables (CVE-2020-25696) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1894423 - CVE-2020-25694 postgresql: Reconnection can downgrade connection security settings 1894430 - CVE-2020-25696 postgresql: psql's gset allows overwriting specially treated variables 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.1): Source: libpq-12.5-2.el8_1.src.rpm aarch64: libpq-12.5-2.el8_1.aarch64.rpm libpq-debuginfo-12.5-2.el8_1.aarch64.rpm libpq-debugsource-12.5-2.el8_1.aarch64.rpm libpq-devel-12.5-2.el8_1.aarch64.rpm libpq-devel-debuginfo-12.5-2.el8_1.aarch64.rpm ppc64le: libpq-12.5-2.el8_1.ppc64le.rpm libpq-debuginfo-12.5-2.el8_1.ppc64le.rpm libpq-debugsource-12.5-2.el8_1.ppc64le.rpm libpq-devel-12.5-2.el8_1.ppc64le.rpm libpq-devel-debuginfo-12.5-2.el8_1.ppc64le.rpm s390x: libpq-12.5-2.el8_1.s390x.rpm libpq-debuginfo-12.5-2.el8_1.s390x.rpm libpq-debugsource-12.5-2.el8_1.s390x.rpm libpq-devel-12.5-2.el8_1.s390x.rpm libpq-devel-debuginfo-12.5-2.el8_1.s390x.rpm x86_64: libpq-12.5-2.el8_1.i686.rpm libpq-12.5-2.el8_1.x86_64.rpm libpq-debuginfo-12.5-2.el8_1.i686.rpm libpq-debuginfo-12.5-2.el8_1.x86_64.rpm libpq-debugsource-12.5-2.el8_1.i686.rpm libpq-debugsource-12.5-2.el8_1.x86_64.rpm libpq-devel-12.5-2.el8_1.i686.rpm libpq-devel-12.5-2.el8_1.x86_64.rpm libpq-devel-debuginfo-12.5-2.el8_1.i686.rpm libpq-devel-debuginfo-12.5-2.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-25694 https://access.redhat.com/security/cve/CVE-2020-25696 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYAW0UtzjgjWX9erEAQh7EA/5AUbtRFm32TkzpCi/OrR+vP6+etLmc2ZK U8pU42Vbf46SvPjCQNJ5BYkVOdiDEl9ykYybJkpJ3nWMfz0z0PVf9j8HhobBjCzB goM2n53g8W3IJI9KrN3eoeHUb6UEXSvnTAp5hI7/uWU2fUy1VEclz5BdGU4t/xbC EBfhVlAc1xm48OP5hlIU7BSqfUwpbSNTG6ZC6Tz+NKDYy1mHHF9RW+B92zvi/OXp ewpC/LPjJ6o3qV6Bd0jUMWZpBbHpJC1uk8HBFLaTQK6SIF7h4YOI81e/dTINlDJ5 i1c74gPjUDei2ydUbMy8AVaWxAYN5nI1g8ANOLvxRoLC2aVNUvKUiCNNadKUNyP0 UUA506oLYXoRD7TYq85lZlwQ3E1xPmm878A/4yl4y682jWQ19s4r7b8JFRajCrEm zW5nTRFELpqw5s/0unTBk9j1V8vjQPPyHWDE1vzTZoPgVhYauIl2IInx8gVOaeVg IlD9cFMzwn7LzyvTE8lKBL7ysLzFow1D301AGYBltHCJya6Z3Io5i5UdjUMnZBmP rwf86j0mVTLRAbI00GIwtAkSw+A1uL+DlZVxtMtXTAnocq1TysDXSERfBr+RBHFw 5rOjQs19W8Qm5kq0NjJE0JU4FAUbYQ/y7N9Wt2mE+P6lqvs1SE0rUsJlmIDvkKj8 OAYsEh2rGL4=DSfP -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jan 18, 2021
•Important
Red Hat
98
security advisoryRed HatpatchRed Hat 8.2 RHSA-2021-0057 Important: libpq Connection Security
An update for libpq is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: libpq security update Advisory ID: RHSA-2021:0057-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0057 Issue date: 2021-01-11 CVE Names: CVE-2020-25694 CVE-2020-25696 ==================================================================== 1. Summary: An update for libpq is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. The following packages have been upgraded to a later upstream version: libpq (12.5). (BZ#1898227, BZ#1901559) Security Fix(es): * postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694) * postgresql: psql's gset allows overwriting specially treated variables (CVE-2020-25696) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1894423 - CVE-2020-25694 postgresql: Reconnection can downgrade connection security settings 1894430 - CVE-2020-25696 postgresql: psql's gset allows overwriting specially treated variables 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.2): Source: libpq-12.5-1.el8_2.src.rpm aarch64: libpq-12.5-1.el8_2.aarch64.rpm libpq-debuginfo-12.5-1.el8_2.aarch64.rpm libpq-debugsource-12.5-1.el8_2.aarch64.rpm libpq-devel-12.5-1.el8_2.aarch64.rpm libpq-devel-debuginfo-12.5-1.el8_2.aarch64.rpm ppc64le: libpq-12.5-1.el8_2.ppc64le.rpm libpq-debuginfo-12.5-1.el8_2.ppc64le.rpm libpq-debugsource-12.5-1.el8_2.ppc64le.rpm libpq-devel-12.5-1.el8_2.ppc64le.rpm libpq-devel-debuginfo-12.5-1.el8_2.ppc64le.rpm s390x: libpq-12.5-1.el8_2.s390x.rpm libpq-debuginfo-12.5-1.el8_2.s390x.rpm libpq-debugsource-12.5-1.el8_2.s390x.rpm libpq-devel-12.5-1.el8_2.s390x.rpm libpq-devel-debuginfo-12.5-1.el8_2.s390x.rpm x86_64: libpq-12.5-1.el8_2.i686.rpm libpq-12.5-1.el8_2.x86_64.rpm libpq-debuginfo-12.5-1.el8_2.i686.rpm libpq-debuginfo-12.5-1.el8_2.x86_64.rpm libpq-debugsource-12.5-1.el8_2.i686.rpm libpq-debugsource-12.5-1.el8_2.x86_64.rpm libpq-devel-12.5-1.el8_2.i686.rpm libpq-devel-12.5-1.el8_2.x86_64.rpm libpq-devel-debuginfo-12.5-1.el8_2.i686.rpm libpq-devel-debuginfo-12.5-1.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-25694 https://access.redhat.com/security/cve/CVE-2020-25696 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBX/wultzjgjWX9erEAQh8VRAAmyolkVnC0SnzTePz+HoBNLdsaG6iDQgP 8JteK+l3y/4hwAgwU7qQL0cKOo+uYuKlIYEGTz/aaYi4OPmQyOFVWcQs68U4E+SW d50hRnHgmtaTc7YmBK0FDedACUMRS4YNF/r3fbn3TkwGrdSEYxfz4PDH7y1zqFu7 EVFsbjY7x+Q8xJFblXy7/hTKdZekQHVdMM1iE3GFxtCooPdbcLgul5VSyU+0ePJL ocCm+ID55n8qkESCN5Rm5WXFzpKg45QAp/YXPIs3ZNAgDZsq/87+pVAUtGB80ztc HWJbzVv3o0KAjsZOLs0NTqkpKYogoB9SLrSh+f5F7SvpvhoMi60s8l7iyDvb4sOY DL50DrMyT2YSfX9HtIpAQFVeBXfnVyOVofBq2g9dszktxqJ4Ie4b1gUVEC5AyIff sKXzuLJ890R+c6MIA8yjMH9Rd6JPdzxMnvHDDzvMPwYW5InxWQrFtz+piUG7EdDs tvAY1J7JnbS95SUIr668AOW26lHQXWCI6v7gmhzMtxqQ+JHjMLqJdhhjvG5EvqS2 hZZsqZ1nRLHL9oZlpmfw+NcWcAZ2D9ZgxrTusdaYYgwZnV/tnQpP+OKImWNRQP26 vUOJYk6IBVmfeMnCpmLiXSpHfPKvmEhD1ui/hB/0/yXDrtToztbvSiGJlHX/WgfZ W81vtdt5KxI=JID3 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jan 11, 2021
•Important
Red Hat
98
security advisorysecurity updatesecurity issueRedHat: RHSA-2020:5661-01 Important: PostgreSQL 9.6 Security Issue
An update for the postgresql:9.6 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: postgresql:9.6 security update Advisory ID: RHSA-2020:5661-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5661 Issue date: 2020-12-22 CVE Names: CVE-2019-10130 CVE-2019-10208 CVE-2020-1720 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 ==================================================================== 1. Summary: An update for the postgresql:9.6 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64 3. Description: PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream version: postgresql (9.6.20). Security Fix(es): * postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694) * postgresql: Multiple features escape "security restricted operation" sandbox (CVE-2020-25695) * postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208) * postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350) * postgresql: psql'sgset allows overwriting specially treated variables (CVE-2020-25696) * postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130) * postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 If the postgresql service is running, it will be automatically restarted after installing this update. 5. Bugs fixed (https://bugzilla.redhat.com/): 1707109 - CVE-2019-10130 postgresql: Selectivity estimators bypass row security policies 1734416 - CVE-2019-10208 postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution 1798852 - CVE-2020-1720 postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks 1865746 - CVE-2020-14350 postgresql: Uncontrolled search path element in CREATE EXTENSION 1894423 - CVE-2020-25694 postgresql: Reconnection can downgrade connection security settings 1894425 - CVE-2020-25695 postgresql: Multiple features escape "security restricted operation" sandbox 1894430 - CVE-2020-25696 postgresql: psql's gset allows overwriting specially treated variables 6. Package List: Red Hat Enterprise Linux AppStream E4S (v.8.0): Source: postgresql-9.6.20-1.module+el8.0.0+9157+356b8def.src.rpm aarch64: postgresql-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-contrib-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-contrib-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-debugsource-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-docs-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-docs-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-plperl-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-plperl-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-plpython3-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-plpython3-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-pltcl-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-pltcl-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-server-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-server-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-server-devel-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-server-devel-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-static-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-test-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-test-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm postgresql-test-rpm-macros-9.6.20-1.module+el8.0.0+9157+356b8def.aarch64.rpm ppc64le: postgresql-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-contrib-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-contrib-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-debugsource-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-docs-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-docs-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-plperl-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-plperl-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-plpython3-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-plpython3-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-pltcl-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-pltcl-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-server-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-server-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-server-devel-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-server-devel-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-static-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-test-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-test-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm postgresql-test-rpm-macros-9.6.20-1.module+el8.0.0+9157+356b8def.ppc64le.rpm s390x: postgresql-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-contrib-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-contrib-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-debugsource-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-docs-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-docs-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-plperl-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-plperl-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-plpython3-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-plpython3-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-pltcl-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-pltcl-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-server-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-server-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-server-devel-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-server-devel-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-static-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-test-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-test-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm postgresql-test-rpm-macros-9.6.20-1.module+el8.0.0+9157+356b8def.s390x.rpm x86_64: postgresql-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-contrib-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-contrib-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-debugsource-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-docs-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-docs-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-plperl-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-plperl-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-plpython3-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-plpython3-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-pltcl-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-pltcl-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-server-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-server-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-server-devel-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-server-devel-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-static-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-test-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-test-debuginfo-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm postgresql-test-rpm-macros-9.6.20-1.module+el8.0.0+9157+356b8def.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2019-10130 https://access.redhat.com/security/cve/CVE-2019-10208 https://access.redhat.com/security/cve/CVE-2020-1720 https://access.redhat.com/security/cve/CVE-2020-14350 https://access.redhat.com/security/cve/CVE-2020-25694 https://access.redhat.com/security/cve/CVE-2020-25695 https://access.redhat.com/security/cve/CVE-2020-25696 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX+G0OtzjgjWX9erEAQiqRA/9H9YJBu+E99EpyyCM6j3bUqZ/v8tdPuVt 5jkXThCnMA47SGYqyZDiYyW2mE0M+i2oyGvJ5Gvr1yUesUIc7S24JOItWhxL6Afz KaaydVm4xH/4/Gr7Ydh3wcASeFXnJltVSgZ14vKvf8+iDJv+pDsui4hCcAcV49UL pRwB5HUtUjAXVLJabM6Rbzz8H309hc9jiyWxrkjz+8z45zdhBHDPut7rNTKxsHZP yxnaVYX6HaKYd4Qw59sHt+RxH+ZU1VDlPS8gvJGlbtrK+Xr9Bz5CW6GHTzQf6PdV r4I+EvvqMh+7Ci9NeBHXdRhI+zgEd1Iw+vaN9LxG1wHVAQ0Z8ENVCi+BXHlZd690 q3syFyf7jkQMaEaxlkW710u1DQtw4lZblFvOp3UK+nSv+tMawNlX/83hqxNuwl7R 0N/OJD8K9bN8YmJizXtvSTPpVSkcQgt1daRqVRMAZjky2x42xjFEkRcymfpVyS75 xMpx4xzkMK0r33xhXhSyuRQtP9wv5/BSoXwER3zCzkqiKtZ52bvJCWCpb5HxKOjo hiRld4YUYDTSnS0NFEVpAlIDzMqm+jSemm9V325Se4sELutYZ41DgI3NRTBuTKID 1RuiDDgCPy/I8TPv/nIcj+Jzga47lolpfgv6SM3nGzVleqFkNOEG2Npen0T/u6M/ j2ZNm+UyV88=MNFn -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Dec 22, 2020
•Important
Red Hat
98
security advisorysecurity updateRed HatRed Hat 8: RHSA-2020:5567-01 Important: PostgreSQL 10 DoS
An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: postgresql:10 security update Advisory ID: RHSA-2020:5567-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5567 Issue date: 2020-12-16 CVE Names: CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 ==================================================================== 1. Summary: An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream version: postgresql (10.15). Security Fix(es): * postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694) * postgresql: Multiple features escape "security restricted operation" sandbox (CVE-2020-25695) * postgresql: psql's \gset allows overwriting specially treated variables (CVE-2020-25696) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory,refer to: https://access.redhat.com/articles/11258 If the postgresql service is running, it will be automatically restarted after installing this update. 5. Bugs fixed (https://bugzilla.redhat.com/): 1894423 - CVE-2020-25694 postgresql: Reconnection can downgrade connection security settings 1894425 - CVE-2020-25695 postgresql: Multiple features escape "security restricted operation" sandbox 1894430 - CVE-2020-25696 postgresql: psql's \gset allows overwriting specially treated variables 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: postgresql-10.15-1.module+el8.3.0+8944+1ca16b1f.src.rpm aarch64: postgresql-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-contrib-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-contrib-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-debugsource-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-docs-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-docs-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-plperl-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-plperl-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-plpython3-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-plpython3-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-pltcl-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-pltcl-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-server-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-server-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-server-devel-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-server-devel-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-static-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-test-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-test-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-test-rpm-macros-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-upgrade-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-upgrade-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-upgrade-devel-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm postgresql-upgrade-devel-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.aarch64.rpm ppc64le: postgresql-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-contrib-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-contrib-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-debugsource-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-docs-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-docs-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-plperl-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-plperl-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-plpython3-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-plpython3-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-pltcl-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-pltcl-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-server-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-server-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-server-devel-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-server-devel-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-static-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-test-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-test-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-test-rpm-macros-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-upgrade-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-upgrade-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-upgrade-devel-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm postgresql-upgrade-devel-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.ppc64le.rpm s390x: postgresql-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-contrib-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-contrib-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-debugsource-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-docs-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-docs-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-plperl-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-plperl-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-plpython3-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-plpython3-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-pltcl-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-pltcl-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-server-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-server-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-server-devel-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-server-devel-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-static-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-test-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-test-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-test-rpm-macros-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-upgrade-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-upgrade-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-upgrade-devel-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm postgresql-upgrade-devel-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.s390x.rpm x86_64: postgresql-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-contrib-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-contrib-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-debugsource-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-docs-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-docs-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-plperl-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-plperl-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-plpython3-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-plpython3-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-pltcl-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-pltcl-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-server-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-server-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-server-devel-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-server-devel-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-static-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-test-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-test-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-test-rpm-macros-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-upgrade-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-upgrade-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-upgrade-devel-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm postgresql-upgrade-devel-debuginfo-10.15-1.module+el8.3.0+8944+1ca16b1f.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-25694 https://access.redhat.com/security/cve/CVE-2020-25695 https://access.redhat.com/security/cve/CVE-2020-25696 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBX9nEqtzjgjWX9erEAQiYPQ/+PLzn2TatIDCie7JOQ4ghB7Ruf65S2tIL WPnAVyd8WBYwCHdL60uwQauJZHS6z9dMqHFDiYWoMShMJUK+HuO+/gV4zKt5m9zR 7ZDfTZJ9TuFtML8KORf/4mKJfCZ2J2eM3luU+eQp/NnwlZ26BXdGvXigHV+eDxty 4H+MpOoZLyX3mcZjHPOAOn9224JS8xPv6VZdMfHVhvs1Q/7V/YcY8aRr3f0IrzLz M7gxqf7qjx+raNU8WCCT/QdBfOOU5vDh8ENM7MWQPi/grUslDvANfGLLZwZVVVJ+ jzKv+OkR1PvFOhnkHFTVoqap/F/md0V6suj+EIF0wP+4kVrdLORiY8QD9pxHT1jT 2vCfYSF5XFHkEHll7SSU0pE2csjBA90boPqcc8XQeKbRQAiu44eaxWNfcsVzsjVG gNcmbMpjIxnaDXZAx1qJS4O2n8aYLGxed0LGx3o3gpx4X3+RuuzS6aYASt0KXhYE cgB3gX/iHXnwbryCivTQ+9s/J3DVq2LvGQwffqgMIBkalXRO5RmmQstPXG/Nt2CV EPnn15VOMxZ6Cskd742QLpLLNr7vfzzIkqS1HupnM/L9Gfegxn3Aytg470wAPnN7 /ctm1K6CXKKmFaz9vAPVIH6hGCTjB2G9BLSgqWGcNisVo3PvNfRwBZeTfwr4r053 98mVZ6CDZvQ=uPHP -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Dec 16, 2020
•Important
Red Hat
98
security advisoryred hatsecurity fixRed Hat: RHSA-2020-5401 Important Libpq Security Update - Connection Risks
An update for libpq is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: libpq security update Advisory ID: RHSA-2020:5401-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5401 Issue date: 2020-12-14 CVE Names: CVE-2020-25694 CVE-2020-25696 ==================================================================== 1. Summary: An update for libpq is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. The following packages have been upgraded to a later upstream version: libpq (12.5). (BZ#1898228, BZ#1901558) Security Fix(es): * postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694) * postgresql: psql's \gset allows overwriting specially treated variables (CVE-2020-25696) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1894423 - CVE-2020-25694 postgresql: Reconnection can downgrade connection security settings 1894430 - CVE-2020-25696 postgresql: psql's \gset allows overwriting specially treated variables 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: libpq-12.5-1.el8_3.src.rpm aarch64: libpq-12.5-1.el8_3.aarch64.rpm libpq-debuginfo-12.5-1.el8_3.aarch64.rpm libpq-debugsource-12.5-1.el8_3.aarch64.rpm libpq-devel-12.5-1.el8_3.aarch64.rpm libpq-devel-debuginfo-12.5-1.el8_3.aarch64.rpm ppc64le: libpq-12.5-1.el8_3.ppc64le.rpm libpq-debuginfo-12.5-1.el8_3.ppc64le.rpm libpq-debugsource-12.5-1.el8_3.ppc64le.rpm libpq-devel-12.5-1.el8_3.ppc64le.rpm libpq-devel-debuginfo-12.5-1.el8_3.ppc64le.rpm s390x: libpq-12.5-1.el8_3.s390x.rpm libpq-debuginfo-12.5-1.el8_3.s390x.rpm libpq-debugsource-12.5-1.el8_3.s390x.rpm libpq-devel-12.5-1.el8_3.s390x.rpm libpq-devel-debuginfo-12.5-1.el8_3.s390x.rpm x86_64: libpq-12.5-1.el8_3.i686.rpm libpq-12.5-1.el8_3.x86_64.rpm libpq-debuginfo-12.5-1.el8_3.i686.rpm libpq-debuginfo-12.5-1.el8_3.x86_64.rpm libpq-debugsource-12.5-1.el8_3.i686.rpm libpq-debugsource-12.5-1.el8_3.x86_64.rpm libpq-devel-12.5-1.el8_3.i686.rpm libpq-devel-12.5-1.el8_3.x86_64.rpm libpq-devel-debuginfo-12.5-1.el8_3.i686.rpm libpq-devel-debuginfo-12.5-1.el8_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-25694 https://access.redhat.com/security/cve/CVE-2020-25696 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBX9dhLtzjgjWX9erEAQix8Q/8CGXWFjuh6pd+JU3acODsOl9QPCDIPaVB z9SwnEVJybWAXnxjemADDkymNPlHOei9I79iFxkWDS05EH0+7wcjHLZ6Ln1dtAGK DnHXVnBOOaBqKLxl8R5X2d6s3MONSKanUngjUppxg2FlhezbDgWRxdlNY7Jf/IiI c7JxJdKt2Ehw9h0h2GTKHW6DpFumt/4g8EjFEpTDhJr5lFqQ2a462rbwAwxYZsdn bmZcCyAnkfED9Qdk7e/unxnBWfl/CSZe+4JvJGlUjPCT9CeV+0C8Vf2YeoCZ8n3/ YNQDUOxc1+FFHnLyG/TEDk9Mb1EloW+337p1VQlYTaaMHe8SdtyU82wEpUxKQkZN jpYRD0LDeuJ+gos0C1KaG10D/+WhNZiiVFD/fYjt9X69Lt8iy/dbiuxDqb4dX5IP HWeE57mpkKrnyKAaRMzbg2JKsoCE05oPjQUchdIYZt+gfjM5i+uUNpM/V7gl1jPD R00RxT9ZtlJlTWT1mFLHz1iO7CaA1osHWqHlAbe5xoYDY2hHZLAOfSA7Xufw6HsX AfthWSPurPn6JLC7PlbEMtUTvBG5fcxwS+Ay59o96NoghwaR7x5jVTZdgFlbCGQb qDIoWGmvogjYZ0ubprc4iIjIIPcYyhvEyfz5WiZsgDXq3rzVKdE8sy5eGcQhgHPE y34aNBnTnk4=84JV -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Dec 14, 2020
•Important
Red Hat
89
security advisorymoderatefedoraFedora 22: 2016-838200213e Moderate: Gajim Connection Security Update
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-838200213e 2016-01-14 05:18:49.941744 -------------------------------------------------------------------------------- Name : gajim Product : Fedora 22 Version : 0.16.5 Release : 1.fc22 URL : https://gajim.org/ Summary : Jabber client written in PyGTK Description : Gajim is a Jabber client written in PyGTK. The goal of Gajim's developers is to provide a full featured and easy to use xmpp client for the GTK+ users. Gajim does not require GNOME to run, even though it exists with it nicely. -------------------------------------------------------------------------------- Update Information: Version 0.16.5 of Gajim has been released. What's new since 0.16.4: * Improve Message Archive Management implementation * Improve security on connexion and for roster management (CVE-2015-8688) Full changelog: List of fixed bugs: ;milestone=0.16.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1295476 - CVE-2015-8688 gajim: Message interception due to unverified origin of roster push [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1295476 [ 2 ] Bug #1294552 - gajim-0.16.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1294552 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update gajim' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailinglist
Jan 14, 2016
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!