Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0214
postgresql:9.6 security update
19 January 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: postgresql:9.6
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Access Confidential Data -- Remote/Unauthenticated
Reduced Security -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-25696 CVE-2020-25695 CVE-2020-25694
CVE-2020-14350 CVE-2020-1720 CVE-2019-10208
CVE-2019-10130
Reference: ESB-2021.0211
ESB-2021.0104
ESB-2020.4533
ESB-2020.4470
ESB-2020.4449
Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:0167
https://access.redhat.com/errata/RHSA-2021:0164
Comment: This bulletin contains two (2) Red Hat security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: postgresql:9.6 security update
Advisory ID: RHSA-2021:0167-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0167
Issue date: 2021-01-18
CVE Names: CVE-2019-10130 CVE-2019-10208 CVE-2020-1720
CVE-2020-14350 CVE-2020-25694 CVE-2020-25695
CVE-2020-25696
=====================================================================
1. Summary:
An update for the postgresql:9.6 module is now available for Red Hat
Enterprise Linux 8.1 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64
3. Description:
PostgreSQL is an advanced object-relational database management system
(DBMS).
The following packages have been upgraded to a later upstream version:
postgresql (9.6.20).
Security Fix(es):
* postgresql: Reconnection can downgrade connection security settings
(CVE-2020-25694)
* postgresql: Multiple features escape "security restricted operation"
sandbox (CVE-2020-25695)
* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY
DEFINER execution (CVE-2019-10208)
* postgresql: Uncontrolled search path element in CREATE EXTENSION
(CVE-2020-14350)
* postgresql: psql's \gset allows overwriting specially treated variables
(CVE-2020-25696)
* postgresql: Selectivity estimators bypass row security policies
(CVE-2019-10130)
* postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization
checks (CVE-2020-1720)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
If the postgresql service is running, it will be automatically restarted
after installing this update.
5. Bugs fixed (https://bugzilla.redhat.com/):
1707109 - CVE-2019-10130 postgresql: Selectivity estimators bypass row security
policies
1734416 - CVE-2019-10208 postgresql: TYPE in pg_temp executes arbitrary SQL during
SECURITY DEFINER execution
1798852 - CVE-2020-1720 postgresql: ALTER ... DEPENDS ON EXTENSION is missing
authorization checks
1865746 - CVE-2020-14350 postgresql: Uncontrolled search path element in CREATE
EXTENSION
1894423 - CVE-2020-25694 postgresql: Reconnection can downgrade connection security
settings
1894425 - CVE-2020-25695 postgresql: Multiple features escape "security restricted operation"
sandbox
1894430 - CVE-2020-25696 postgresql: psql's \gset allows overwriting specially treated variables
6. Package List:
Red Hat Enterprise Linux AppStream EUS (v. 8.1):
Source:
postgresql-9.6.20-1.module+el8.1.0+9156+8ff1384f.src.rpm
aarch64:
postgresql-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-contrib-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-contrib-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-debugsource-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-docs-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-docs-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-plperl-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-plperl-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-plpython3-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-plpython3-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-pltcl-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-pltcl-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-server-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-server-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-server-devel-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-server-devel-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-static-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-test-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-test-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
postgresql-test-rpm-macros-9.6.20-1.module+el8.1.0+9156+8ff1384f.aarch64.rpm
ppc64le:
postgresql-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-contrib-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-contrib-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-debugsource-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-docs-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-docs-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-plperl-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-plperl-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-plpython3-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-plpython3-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-pltcl-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-pltcl-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-server-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-server-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-server-devel-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-server-devel-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-static-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-test-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-test-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
postgresql-test-rpm-macros-9.6.20-1.module+el8.1.0+9156+8ff1384f.ppc64le.rpm
s390x:
postgresql-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-contrib-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-contrib-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-debugsource-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-docs-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-docs-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-plperl-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-plperl-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-plpython3-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-plpython3-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-pltcl-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-pltcl-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-server-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-server-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-server-devel-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-server-devel-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-static-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-test-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-test-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
postgresql-test-rpm-macros-9.6.20-1.module+el8.1.0+9156+8ff1384f.s390x.rpm
x86_64:
postgresql-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-contrib-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-contrib-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-debugsource-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-docs-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-docs-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-plperl-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-plperl-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-plpython3-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-plpython3-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-pltcl-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-pltcl-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-server-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-server-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-server-devel-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-server-devel-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-static-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-test-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-test-debuginfo-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
postgresql-test-rpm-macros-9.6.20-1.module+el8.1.0+9156+8ff1384f.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-10130
https://access.redhat.com/security/cve/CVE-2019-10208
https://access.redhat.com/security/cve/CVE-2020-1720
https://access.redhat.com/security/cve/CVE-2020-14350
https://access.redhat.com/security/cve/CVE-2020-25694
https://access.redhat.com/security/cve/CVE-2020-25695
https://access.redhat.com/security/cve/CVE-2020-25696
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYAW1ftzjgjWX9erEAQjUcQ/+Pe+0UrJJ9h8Ffe3sGAGEvZKqR9/L1Za6
Ubdff6L3eIjrEmPOnq2JWNzKDw0RXpv1s4tiyyrxc2T+kv5FwWWuCw6XWBj1Z48F
/dLI8qSvHAvSMqR+Vh5S3wtxy5yli4InM4UDe31gt88MNwKe8paEEf+DR7jSPuNW
Ffz69IwbJEKXMBsLk4G4rei446vU+m7cocvTjZ9AJd/02SxtGfcrZwXk4i3myBlU
G1CLQdU52b7k4qWzuMwNBKtZnRqjgt+isFG9Z2y+Lx+LEfsderAfbA4Q0enD7eWu
PdlPBvQzVALdlQKD9zI6Pv+dhCTQpVXGWQVjw0QwPfh1aFIyU7bomvt2BaKTIxt5
oaiUUIY1PE5GmRbDoL2F+hLgN21uLiJoEEZWUqVE6eMqAcG3LAjV4pY4Pd6gUERq
xX9g+f6GeaHmVc6h9Tb6kkF7vHXZ47ahUTV8+F/FmJ7VM8NDHTOD/EZyY6XSwFfY
Ym69tVc3GbshtjD+LoLZqHsKbkO3uH9t8uziKH4snpdMvnMLJzwr59xNE8nlsqkJ
/9cFQ2atjWnRjEuqsEh0u5KsCJLqKWwsmlifwx6oDlnXgVquCRIRzWpLNez1kdEx
uWdtYoNcjmt7W1juJRNSo6VaxCm4/+xydlvElg6/wXjRUsz/0iSq3vVh7UtvNmwq
Tv0otd8EJcc=
=kCBq
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: postgresql:9.6 security update
Advisory ID: RHSA-2021:0164-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0164
Issue date: 2021-01-18
CVE Names: CVE-2019-10130 CVE-2019-10208 CVE-2020-1720
CVE-2020-14350 CVE-2020-25694 CVE-2020-25695
CVE-2020-25696
=====================================================================
1. Summary:
An update for the postgresql:9.6 module is now available for Red Hat
Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64
3. Description:
PostgreSQL is an advanced object-relational database management system
(DBMS).
The following packages have been upgraded to a later upstream version:
postgresql (9.6.20).
Security Fix(es):
* postgresql: Reconnection can downgrade connection security settings
(CVE-2020-25694)
* postgresql: Multiple features escape "security restricted operation"
sandbox (CVE-2020-25695)
* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY
DEFINER execution (CVE-2019-10208)
* postgresql: Uncontrolled search path element in CREATE EXTENSION
(CVE-2020-14350)
* postgresql: psql's \gset allows overwriting specially treated variables
(CVE-2020-25696)
* postgresql: Selectivity estimators bypass row security policies
(CVE-2019-10130)
* postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization
checks (CVE-2020-1720)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
If the postgresql service is running, it will be automatically restarted
after installing this update.
5. Bugs fixed (https://bugzilla.redhat.com/):
1707109 - CVE-2019-10130 postgresql: Selectivity estimators bypass row security
policies
1734416 - CVE-2019-10208 postgresql: TYPE in pg_temp executes arbitrary SQL during
SECURITY DEFINER execution
1798852 - CVE-2020-1720 postgresql: ALTER ... DEPENDS ON EXTENSION is missing
authorization checks
1865746 - CVE-2020-14350 postgresql: Uncontrolled search path element in CREATE
EXTENSION
1894423 - CVE-2020-25694 postgresql: Reconnection can downgrade connection security
settings
1894425 - CVE-2020-25695 postgresql: Multiple features escape "security restricted
operation" sandbox
1894430 - CVE-2020-25696 postgresql: psql's \gset allows overwriting specially treated
variables
6. Package List:
Red Hat Enterprise Linux AppStream EUS (v. 8.2):
Source:
postgresql-9.6.20-1.module+el8.2.0+8939+9a3b4b64.src.rpm
aarch64:
postgresql-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-contrib-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-contrib-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-debugsource-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-docs-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-docs-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-plperl-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-plperl-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-plpython3-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-plpython3-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-pltcl-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-pltcl-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-server-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-server-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-server-devel-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-server-devel-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-static-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-test-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-test-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
postgresql-test-rpm-macros-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
ppc64le:
postgresql-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-contrib-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-contrib-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-debugsource-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-docs-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-docs-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-plperl-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-plperl-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-plpython3-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-plpython3-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-pltcl-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-pltcl-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-server-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-server-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-server-devel-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-server-devel-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-static-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-test-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-test-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
postgresql-test-rpm-macros-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
s390x:
postgresql-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-contrib-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-contrib-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-debugsource-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-docs-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-docs-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-plperl-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-plperl-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-plpython3-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-plpython3-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-pltcl-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-pltcl-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-server-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-server-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-server-devel-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-server-devel-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-static-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-test-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-test-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
postgresql-test-rpm-macros-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
x86_64:
postgresql-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-contrib-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-contrib-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-debugsource-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-docs-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-docs-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-plperl-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-plperl-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-plpython3-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-plpython3-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-pltcl-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-pltcl-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-server-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-server-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-server-devel-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-server-devel-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-static-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-test-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-test-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
postgresql-test-rpm-macros-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-10130
https://access.redhat.com/security/cve/CVE-2019-10208
https://access.redhat.com/security/cve/CVE-2020-1720
https://access.redhat.com/security/cve/CVE-2020-14350
https://access.redhat.com/security/cve/CVE-2020-25694
https://access.redhat.com/security/cve/CVE-2020-25695
https://access.redhat.com/security/cve/CVE-2020-25696
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYAVcbtzjgjWX9erEAQiydQ//Rru7PeUROrnVO5QEGv/AcKFNzengi7l0
KaAKE67K9S3fo19RQ52U1TlLyBsajvXKFzM04wv1jCfZ497cVALssxfgoRIzpTA7
kD+osLF8nbiHnq8en2S5BbIA5+N2NmpNm1fyNKGAjvloj+fuM/3HE+RKiCUtMKYq
8FfzIepQFIXNfnh2/gdkgSP4Bo0BGIPwxMKLu1YmJqw1zabjCwBlMCQYd7OLwJui
pXa5Z/kVpgQb/ry3PMQu+Ac+f3DJZwxa/CksSj8Jphhnwo71t60V4RPuxVLW71z6
SkRWz+FROwjDYStsCShZgJfAKZWvAYxKd88JUZWoM+YdmKMYY+ACLlSAnWnz0j32
eQeWbeSN5Z5Tgou8rW8naAEjhdsfBX/q+tyd9T/hzuJi+ufnahfupdAbTWKaI3Z4
JoC+xnCN2Ejg00s0CmQZyBT57vJJa1gy7tXvpbqou8upxExBWDUSgbvBkwQyFeZ/
nrT+u/OBDRXZJtSkOY/wgCPofSAPn2FUZJ1YFYOKFafRvB7kMkpT6xMkIVrVK2TL
vsR7y3VzC/UxGzurGXq+PNUsYndOuqvgb+KGrej1XeR6JTJiHve1Z+8GOCzE5w0C
CDktLCj7JzBpD2GjxqQUHt0XvhRD/iZgvQXP6s6fThQZ5r0+IWoCVCkulDphFEgg
tUmtYpks4bA=
=NUE7
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYAYXcuNLKJtyKPYoAQi0GA/+IZ59jFT7sPn2SOYcEOVNXJkYmcZN5mJ4
QvlTrFohk/JTrSOW+XkKbh/sZUHfS8f6u2JO9qwSodLlV0CjezFF07PkfhOs/fBD
GM0Ryxc/FBIErTOr4JxUvwiDf+Jr5m6S+KyoJ5CKcyv7Cj3P0xRyFPzwb1B8zke5
YXVMQhnIjKEwDftcfWoY0PKsZ+uuegELWE9Pxb+SCtyCXP/sC0Wd9r0RB5wg5Oyl
UrD96Snzg9Tt0BTQyJOBpgQ15OMLeNwQW5cysqvurerp7eJzKteTK8GGfwyudJuY
lG0EEB0TGk5g2FoRs2ijHitY87GpYcD6LU0wR5z7FULG4xjD4Tx7TLNNCQgQGwrU
C88Td4E2b39SvbrB7HzGWX6BEffZgad2hG0k2DherJXHUKt7XADiNqogEMPgI3N0
GRWWLoIlZr2xBLJykKF3w3Pf16wydDdF9RcXppELkReePkvL/y7pnZrbd6GLPv9O
k1S56MpEWSLY9HziY9+Ec9jR3IuEnWr5zzOemayYY0lDfj2b3+FY/mpqJ7/VzKoj
fU7tHd2Zk0ra5ipQ8EQ40i1oyjafSC/aaBATdBZ/2SuWT7Zb5JTuLnTp3i9MdS4M
qVhIxR3FSFxnFyyd/soTbEEDB79cydBcgfWQ/9lAyAblZ3Yhek/Gxie3f2IXIMWS
aJEwrhlHm+Y=
=JV8l
-----END PGP SIGNATURE-----