Уязвимость CVE-2020-25694: Информация
Описание
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Важность: HIGH (8,1) Вектор: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Исправленные пакеты
Имя пакета | Ветка | Исправлено в версии | Версия в репозитории | Errata ID | № Задания | Состояние |
|---|---|---|---|---|---|---|
| postgresql10 | p10 | 10.15-alt1 | 10.23-alt1.p10.1 | ALT-PU-2020-3314-1 | 261833 | Исправлено |
| postgresql10 | p9 | 10.15-alt2 | 10.23-alt0.M90P.1 | ALT-PU-2020-3459-1 | 262868 | Исправлено |
| postgresql10 | p8 | 10.16-alt0.M80P.1 | 10.19-alt0.M80P.1 | ALT-PU-2021-1503-1 | 266728 | Исправлено |
| postgresql10 | c10f1 | 10.15-alt1 | 10.23-alt1 | ALT-PU-2020-3314-1 | 261833 | Исправлено |
| postgresql10 | c9f2 | 10.17-alt0.M90P.1 | 10.23-alt0.M90P.1 | ALT-PU-2021-1903-1 | 271832 | Исправлено |
| postgresql11 | p10 | 11.10-alt1 | 11.22-alt0.p10.1 | ALT-PU-2020-3315-1 | 261833 | Исправлено |
| postgresql11 | p9 | 11.10-alt2 | 11.22-alt0.M90P.1 | ALT-PU-2020-3460-1 | 262868 | Исправлено |
| postgresql11 | p8 | 11.11-alt0.M80P.1 | 11.14-alt0.M80P.1 | ALT-PU-2021-1504-1 | 266728 | Исправлено |
| postgresql11 | c10f1 | 11.10-alt1 | 11.22-alt0.p10.1 | ALT-PU-2020-3315-1 | 261833 | Исправлено |
| postgresql11 | c9f2 | 11.12-alt0.M90P.1 | 11.22-alt0.M90P.1 | ALT-PU-2021-1904-1 | 271832 | Исправлено |
| postgresql11-1C | p8 | 11.10-alt0.M80P.2 | 11.12-alt0.M80P.2 | ALT-PU-2021-1505-1 | 266728 | Исправлено |
| postgresql12 | sisyphus | 12.5-alt1 | 12.18-alt1 | ALT-PU-2020-3316-1 | 261833 | Исправлено |
| postgresql12 | p10 | 12.5-alt1 | 12.18-alt0.p10.1 | ALT-PU-2020-3316-1 | 261833 | Исправлено |
| postgresql12 | p9 | 12.5-alt0.M90P.1 | 12.18-alt0.M90P.1 | ALT-PU-2020-3456-1 | 262868 | Исправлено |
| postgresql12 | p8 | 12.6-alt0.M80P.1 | 12.9-alt0.M80P.1 | ALT-PU-2021-1506-1 | 266728 | Исправлено |
| postgresql12 | c10f1 | 12.5-alt1 | 12.18-alt0.p10.1 | ALT-PU-2020-3316-1 | 261833 | Исправлено |
| postgresql12 | c9f2 | 12.5-alt0.p9.1 | 12.18-alt0.c9f2.1 | ALT-PU-2020-3321-1 | 261873 | Исправлено |
| postgresql13 | sisyphus | 13.1-alt1 | 13.14-alt1 | ALT-PU-2020-3311-1 | 261833 | Исправлено |
| postgresql13 | p10 | 13.1-alt1 | 13.14-alt0.p10.1 | ALT-PU-2020-3311-1 | 261833 | Исправлено |
| postgresql13 | c10f1 | 13.1-alt1 | 13.14-alt0.p10.1 | ALT-PU-2020-3311-1 | 261833 | Исправлено |
| postgresql9.5 | p9 | 9.5.24-alt2 | 9.5.25-alt1 | ALT-PU-2020-3457-1 | 262868 | Исправлено |
| postgresql9.5 | p8 | 9.5.25-alt0.M80P.1 | 9.5.25-alt0.M80P.1 | ALT-PU-2021-1501-1 | 266728 | Исправлено |
| postgresql9.5 | c9f2 | 9.5.25-alt1 | 9.5.25-alt1 | ALT-PU-2021-1901-1 | 271832 | Исправлено |
| postgresql9.6 | p9 | 9.6.20-alt2 | 9.6.24-alt0.M90P.1 | ALT-PU-2020-3458-1 | 262868 | Исправлено |
| postgresql9.6 | p8 | 9.6.21-alt0.M80P.1 | 9.6.24-alt0.M80P.1 | ALT-PU-2021-1502-1 | 266728 | Исправлено |
| postgresql9.6 | c9f2 | 9.6.20-alt1 | 9.6.24-alt0.M90P.1 | ALT-PU-2020-3320-1 | 261872 | Исправлено |
Ссылки на рекомендации, решения и инструменты
Ссылка | Ресурс |
|---|---|
| https://www.postgresql.org/support/security/ |
|
| https://bugzilla.redhat.com/show_bug.cgi?id=1894423 |
|
| https://security.netapp.com/advisory/ntap-20201202-0003/ |
|
| [debian-lts-announce] 20201202 [SECURITY] [DLA 2478-1] postgresql-9.6 security update |
|
| GLSA-202012-07 |
|