Red Hat Security Advisory 2020-5401-01

Red Hat Security Advisory 2020-5401-01: Posted Dec 14, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-5401-01 - The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers.; tags | advisory; systems | linux, redhat; advisories | CVE-2020-25694, CVE-2020-25696; SHA-256 | c0ffcba93d8aab5c64e650387f3c60b72ee4a2a0a4b0fdd2ecadb75cc0b9c855; Download | Favorite | View

Red Hat Security Advisory 2020-5401-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libpq security update
Advisory ID:       RHSA-2020:5401-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5401
Issue date:        2020-12-14
CVE Names:         CVE-2020-25694 CVE-2020-25696 
=====================================================================

1. Summary:

An update for libpq is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libpq package provides the PostgreSQL client library, which allows
client programs to connect to PostgreSQL servers. 

The following packages have been upgraded to a later upstream version:
libpq (12.5). (BZ#1898228, BZ#1901558)

Security Fix(es):

* postgresql: Reconnection can downgrade connection security settings
(CVE-2020-25694)

* postgresql: psql's \gset allows overwriting specially treated variables
(CVE-2020-25696)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1894423 - CVE-2020-25694 postgresql: Reconnection can downgrade connection security settings
1894430 - CVE-2020-25696 postgresql: psql's \gset allows overwriting specially treated variables

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
libpq-12.5-1.el8_3.src.rpm

aarch64:
libpq-12.5-1.el8_3.aarch64.rpm
libpq-debuginfo-12.5-1.el8_3.aarch64.rpm
libpq-debugsource-12.5-1.el8_3.aarch64.rpm
libpq-devel-12.5-1.el8_3.aarch64.rpm
libpq-devel-debuginfo-12.5-1.el8_3.aarch64.rpm

ppc64le:
libpq-12.5-1.el8_3.ppc64le.rpm
libpq-debuginfo-12.5-1.el8_3.ppc64le.rpm
libpq-debugsource-12.5-1.el8_3.ppc64le.rpm
libpq-devel-12.5-1.el8_3.ppc64le.rpm
libpq-devel-debuginfo-12.5-1.el8_3.ppc64le.rpm

s390x:
libpq-12.5-1.el8_3.s390x.rpm
libpq-debuginfo-12.5-1.el8_3.s390x.rpm
libpq-debugsource-12.5-1.el8_3.s390x.rpm
libpq-devel-12.5-1.el8_3.s390x.rpm
libpq-devel-debuginfo-12.5-1.el8_3.s390x.rpm

x86_64:
libpq-12.5-1.el8_3.i686.rpm
libpq-12.5-1.el8_3.x86_64.rpm
libpq-debuginfo-12.5-1.el8_3.i686.rpm
libpq-debuginfo-12.5-1.el8_3.x86_64.rpm
libpq-debugsource-12.5-1.el8_3.i686.rpm
libpq-debugsource-12.5-1.el8_3.x86_64.rpm
libpq-devel-12.5-1.el8_3.i686.rpm
libpq-devel-12.5-1.el8_3.x86_64.rpm
libpq-devel-debuginfo-12.5-1.el8_3.i686.rpm
libpq-devel-debuginfo-12.5-1.el8_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25694
https://access.redhat.com/security/cve/CVE-2020-25696
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX9dhLtzjgjWX9erEAQix8Q/8CGXWFjuh6pd+JU3acODsOl9QPCDIPaVB
z9SwnEVJybWAXnxjemADDkymNPlHOei9I79iFxkWDS05EH0+7wcjHLZ6Ln1dtAGK
DnHXVnBOOaBqKLxl8R5X2d6s3MONSKanUngjUppxg2FlhezbDgWRxdlNY7Jf/IiI
c7JxJdKt2Ehw9h0h2GTKHW6DpFumt/4g8EjFEpTDhJr5lFqQ2a462rbwAwxYZsdn
bmZcCyAnkfED9Qdk7e/unxnBWfl/CSZe+4JvJGlUjPCT9CeV+0C8Vf2YeoCZ8n3/
YNQDUOxc1+FFHnLyG/TEDk9Mb1EloW+337p1VQlYTaaMHe8SdtyU82wEpUxKQkZN
jpYRD0LDeuJ+gos0C1KaG10D/+WhNZiiVFD/fYjt9X69Lt8iy/dbiuxDqb4dX5IP
HWeE57mpkKrnyKAaRMzbg2JKsoCE05oPjQUchdIYZt+gfjM5i+uUNpM/V7gl1jPD
R00RxT9ZtlJlTWT1mFLHz1iO7CaA1osHWqHlAbe5xoYDY2hHZLAOfSA7Xufw6HsX
AfthWSPurPn6JLC7PlbEMtUTvBG5fcxwS+Ay59o96NoghwaR7x5jVTZdgFlbCGQb
qDIoWGmvogjYZ0ubprc4iIjIIPcYyhvEyfz5WiZsgDXq3rzVKdE8sy5eGcQhgHPE
y34aNBnTnk4=
=84JV
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 242 files
Ubuntu 52 files
Debian 22 files
LiquidWorm 15 files
Apple 9 files
Gentoo 8 files
Google Security Research 3 files
Alter Prime 3 files
Pierre Kim 2 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,166)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,960)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,344)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,989)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

Red Hat Security Advisory 2020-5401-01

Red Hat Security Advisory 2020-5401-01

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2020-5401-01

Share This

Red Hat Security Advisory 2020-5401-01

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems