[arch-security] [ASA-201608-14] postgresql: multiple issues

Remi Gacogne rgacogne at archlinux.org
Sun Aug 14 14:33:02 UTC 2016


Arch Linux Security Advisory ASA-201608-14
==========================================

Severity: Critical
Date    : 2016-08-14
CVE-ID  : CVE-2016-5423 CVE-2016-5424
Package : postgresql
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package postgresql before version 9.5.4-1 is vulnerable to multiple
issues.

Resolution
==========

Upgrade to 9.5.4-1.

# pacman -Syu "postgresql>=9.5.4-1"

The problems have been fixed upstream in version 9.5.4.

Workaround
==========

None.

Description
===========

- CVE-2016-5423 (arbitrary code execution)

It was discovered that certain SQL statements containing CASE/WHEN
commands could crash the PostgreSQL server, or disclose a few bytes of
server memory, potentially leading to arbitrary code execution.

- CVE-2016-5424 (privilege escalation)

It was found that PostgreSQL client programs mishandle database and role
names containing newlines, carriage returns, double quotes, or
backslashes. By crafting such an object name, roles with the CREATEDB or
CREATEROLE option could escalate their privileges to superuser when a
superuser next executes maintenance with a vulnerable program.
Vulnerable programs include pg_dumpall, pg_upgrade, vacuumdb, reindexdb,
and clusterdb.

Impact
======

A remote authenticated attacker can execute arbitrary code on the
affected server by executing a crafted SQL statement.
A local authenticated attacker can gain superuser privileges by creating
an object with a crafted name.

References
==========

https://www.postgresql.org/about/news/1688/
https://access.redhat.com/security/cve/CVE-2016-5423
https://access.redhat.com/security/cve/CVE-2016-5424

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20160814/92825caf/attachment.asc>


More information about the arch-security mailing list