[arch-security] [ASA-201711-17] postgresql: multiple issues
Levente Polyak
anthraxx at archlinux.org
Fri Nov 10 14:11:39 UTC 2017
Arch Linux Security Advisory ASA-201711-17
==========================================
Severity: Medium
Date : 2017-11-10
CVE-ID : CVE-2017-15098 CVE-2017-15099
Package : postgresql
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-485
Summary
=======
The package postgresql before version 10.1-1 is vulnerable to multiple
issues including access restriction bypass and information disclosure.
Resolution
==========
Upgrade to 10.1-1.
# pacman -Syu "postgresql>=10.1-1"
The problems have been fixed upstream in version 10.1.
Workaround
==========
None.
Description
===========
- CVE-2017-15098 (information disclosure)
A denial of service and potential memory disclosure vulnerability has
been discovered in PostgreSQL in the json_populate_recordset() and
jsonb_populate_recordset() functions.
- CVE-2017-15099 (access restriction bypass)
An access restriction bypass vulnerability has been discovered in
PostgreSQL, the "INSERT ... ON CONFLICT DO UPDATE" would not check to
see if the executing user had permission to perform a "SELECT" on the
index performing the conflicting check. Additionally, in a table with
row-level security enabled, the "INSERT ... ON CONFLICT DO UPDATE"
would not check the SELECT policies for that table before performing
the update.
The fix ensures that "INSERT ... ON CONFLICT DO UPDATE" checks against
table permissions and RLS policies before executing.
Impact
======
A remote attacker is able to bypass access restrictions via certain
queries or possibly leak sensitive information from the running
process.
References
==========
https://www.postgresql.org/about/news/1801/
https://security.archlinux.org/CVE-2017-15098
https://security.archlinux.org/CVE-2017-15099
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20171110/a5dbcfa9/attachment.asc>
More information about the arch-security
mailing list