[arch-security] [ASA-201711-18] postgresql-old-upgrade: multiple issues

Levente Polyak anthraxx at archlinux.org
Fri Nov 10 14:12:28 UTC 2017 

Arch Linux Security Advisory ASA-201711-18
==========================================

Severity: Medium
Date    : 2017-11-10
CVE-ID  : CVE-2017-15098 CVE-2017-15099
Package : postgresql-old-upgrade
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-486

Summary
=======

The package postgresql-old-upgrade before version 9.6.6-1 is vulnerable
to multiple issues including access restriction bypass and information
disclosure.

Resolution
==========

Upgrade to 9.6.6-1.

# pacman -Syu "postgresql-old-upgrade>=9.6.6-1"

The problems have been fixed upstream in version 9.6.6.

Workaround
==========

None.

Description
===========

- CVE-2017-15098 (information disclosure)

A denial of service and potential memory disclosure vulnerability has
been discovered in PostgreSQL in the json_populate_recordset() and
jsonb_populate_recordset() functions.

- CVE-2017-15099 (access restriction bypass)

An access restriction bypass vulnerability has been discovered in
PostgreSQL, the "INSERT ... ON CONFLICT DO UPDATE" would not check to
see if the executing user had permission to perform a "SELECT" on the
index performing the conflicting check. Additionally, in a table with
row-level security enabled, the "INSERT ... ON CONFLICT DO UPDATE"
would not check the SELECT policies for that table before performing
the update.
The fix ensures that "INSERT ... ON CONFLICT DO UPDATE" checks against
table permissions and RLS policies before executing.

Impact
======

A remote attacker is able to bypass access restrictions via certain
queries or possibly leak sensitive information from the running
process.

References
==========

https://www.postgresql.org/about/news/1801/
https://security.archlinux.org/CVE-2017-15098
https://security.archlinux.org/CVE-2017-15099

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20171110/f9a50f87/attachment.asc>

More information about the arch-security mailing list