[ASA-201908-7] postgresql-libs: multiple issues
rgacogne at archlinux.org
Mon Aug 12 16:07:07 UTC 2019
Arch Linux Security Advisory ASA-201908-7
Date : 2019-08-10
CVE-ID : CVE-2019-10208 CVE-2019-10209
Package : postgresql-libs
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1019
The package postgresql-libs before version 11.5-1 is vulnerable to
multiple issues including access restriction bypass and information
Upgrade to 11.5-1.
# pacman -Syu "postgresql-libs>=11.5-1"
The problems have been fixed upstream in version 11.5.
- CVE-2019-10208 (access restriction bypass)
A security issue has been found in PostgreSQL < 11.5 where given a
suitable SECURITY DEFINER function, an attacker can execute arbitrary
SQL under the identity of the function owner. An attack requires
EXECUTE permission on the function, which must itself contain a
function call having inexact argument type match. For example,
length('foo'::varchar) and length('foo') are inexact, while
length('foo'::text) is exact. As part of exploiting this vulnerability,
the attacker uses CREATE DOMAIN to create a type in a pg_temp schema.
The attack pattern and fix are similar to that for CVE-2007-2138.
- CVE-2019-10209 (information disclosure)
An issue has been found in PostgreSQL >= 11.0 and < 11.5. In a database
containing hypothetical, user-defined hash equality operators, an
attacker could read arbitrary bytes of server memory. For an attack to
become possible, a superuser would need to create unusual operators. It
is possible for operators not purpose-crafted for attack to have the
properties that enable an attack, but we are not aware of specific
An authenticated attacker can read arbitrary bytes of server memory or
execute arbitrary SQL commands under a different identity than its own.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the arch-security