
Medium: postgresql95, postgresql96

Description

**Issue Overview:**

Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. (CVE-2017-12172)

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege. (CVE-2017-15099)

Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL can crash the server or disclose a few bytes of server memory. (CVE-2017-15098)

**Affected Packages:** postgresql95, postgresql96

**Issue Correction:** Run _yum update postgresql95_ to update your system. Run _yum update postgresql96_ to update your system.

**New Packages:**

i686:

    postgresql95-plperl-9.5.10-1.77.amzn1.i686
    postgresql95-libs-9.5.10-1.77.amzn1.i686
    postgresql95-debuginfo-9.5.10-1.77.amzn1.i686
    postgresql95-devel-9.5.10-1.77.amzn1.i686
    postgresql95-test-9.5.10-1.77.amzn1.i686
    postgresql95-contrib-9.5.10-1.77.amzn1.i686
    postgresql95-docs-9.5.10-1.77.amzn1.i686
    postgresql95-9.5.10-1.77.amzn1.i686
    postgresql95-plpython26-9.5.10-1.77.amzn1.i686
    postgresql95-static-9.5.10-1.77.amzn1.i686
    postgresql95-server-9.5.10-1.77.amzn1.i686
    postgresql95-plpython27-9.5.10-1.77.amzn1.i686
    postgresql96-plperl-9.6.6-1.79.amzn1.i686
    postgresql96-plpython26-9.6.6-1.79.amzn1.i686
    postgresql96-plpython27-9.6.6-1.79.amzn1.i686
    postgresql96-devel-9.6.6-1.79.amzn1.i686
    postgresql96-contrib-9.6.6-1.79.amzn1.i686
    postgresql96-static-9.6.6-1.79.amzn1.i686
    postgresql96-docs-9.6.6-1.79.amzn1.i686
    postgresql96-libs-9.6.6-1.79.amzn1.i686
    postgresql96-debuginfo-9.6.6-1.79.amzn1.i686
    postgresql96-test-9.6.6-1.79.amzn1.i686
    postgresql96-9.6.6-1.79.amzn1.i686
    postgresql96-server-9.6.6-1.79.amzn1.i686

src:

    postgresql95-9.5.10-1.77.amzn1.src
    postgresql96-9.6.6-1.79.amzn1.src

x86_64:

    postgresql95-server-9.5.10-1.77.amzn1.x86_64
    postgresql95-devel-9.5.10-1.77.amzn1.x86_64
    postgresql95-contrib-9.5.10-1.77.amzn1.x86_64
    postgresql95-9.5.10-1.77.amzn1.x86_64
    postgresql95-static-9.5.10-1.77.amzn1.x86_64
    postgresql95-plpython27-9.5.10-1.77.amzn1.x86_64
    postgresql95-libs-9.5.10-1.77.amzn1.x86_64
    postgresql95-docs-9.5.10-1.77.amzn1.x86_64
    postgresql95-plpython26-9.5.10-1.77.amzn1.x86_64
    postgresql95-plperl-9.5.10-1.77.amzn1.x86_64
    postgresql95-debuginfo-9.5.10-1.77.amzn1.x86_64
    postgresql95-test-9.5.10-1.77.amzn1.x86_64
    postgresql96-static-9.6.6-1.79.amzn1.x86_64
    postgresql96-docs-9.6.6-1.79.amzn1.x86_64
    postgresql96-plperl-9.6.6-1.79.amzn1.x86_64
    postgresql96-libs-9.6.6-1.79.amzn1.x86_64
    postgresql96-test-9.6.6-1.79.amzn1.x86_64
    postgresql96-debuginfo-9.6.6-1.79.amzn1.x86_64
    postgresql96-9.6.6-1.79.amzn1.x86_64
    postgresql96-contrib-9.6.6-1.79.amzn1.x86_64
    postgresql96-server-9.6.6-1.79.amzn1.x86_64
    postgresql96-plpython26-9.6.6-1.79.amzn1.x86_64
    postgresql96-devel-9.6.6-1.79.amzn1.x86_64
    postgresql96-plpython27-9.6.6-1.79.amzn1.x86_64
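
An added example, not part of the original advisory: a catalog query that lists the role and table pairs meeting the CVE-2017-15099 precondition described above (INSERT and UPDATE without full read access, or with row level security in effect), to help decide which databases to patch first. It assumes it is run by a superuser in each database on PostgreSQL 9.5 or 9.6, and it looks at table-level grants only.

```sql
-- Added example (not from the advisory): exposure audit for CVE-2017-15099.
-- A row is returned for every non-superuser role that can INSERT and UPDATE
-- a user table while either
--   (a) lacking table-level SELECT, or
--   (b) being subject to row level security on that table.
-- has_table_privilege() already accounts for PUBLIC grants and inherited
-- role membership. Column-level grants are not evaluated here.
SELECT r.rolname        AS role_name,
       n.nspname        AS schema_name,
       c.relname        AS table_name,
       NOT has_table_privilege(r.oid, c.oid, 'SELECT') AS lacks_select,
       c.relrowsecurity AS rls_enabled
FROM   pg_class c
JOIN   pg_namespace n ON n.oid = c.relnamespace
CROSS  JOIN pg_roles r
WHERE  c.relkind = 'r'                                   -- ordinary tables
  AND  n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND  NOT r.rolsuper                                    -- superusers read everything anyway
  AND  has_table_privilege(r.oid, c.oid, 'INSERT')
  AND  has_table_privilege(r.oid, c.oid, 'UPDATE')
  AND  (
         NOT has_table_privilege(r.oid, c.oid, 'SELECT')
         OR (
              c.relrowsecurity                           -- RLS enabled on the table
              AND NOT r.rolbypassrls                     -- role does not bypass RLS
              AND (c.relowner <> r.oid                   -- owners are exempt ...
                   OR c.relforcerowsecurity)             -- ... unless FORCE ROW LEVEL SECURITY
            )
       )
ORDER  BY schema_name, table_name, role_name;
```

An empty result means no role in that database matches the precondition; any rows returned on a server older than the fixed 9.5.10 or 9.6.6 packages identify the tables whose read restrictions the flaw can bypass.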


Affected Package


| OS | OS Version | Package Name | Package Version |
|---|---|---|---|
| Amazon Linux | 1 | postgresql95-plperl | 9.5.10-1.77.amzn1 |
| Amazon Linux | 1 | postgresql95-libs | 9.5.10-1.77.amzn1 |
| Amazon Linux | 1 | postgresql95-debuginfo | 9.5.10-1.77.amzn1 |
| Amazon Linux | 1 | postgresql95-devel | 9.5.10-1.77.amzn1 |
| Amazon Linux | 1 | postgresql95-test | 9.5.10-1.77.amzn1 |
| Amazon Linux | 1 | postgresql95-contrib | 9.5.10-1.77.amzn1 |
| Amazon Linux | 1 | postgresql95-docs | 9.5.10-1.77.amzn1 |
| Amazon Linux | 1 | postgresql95 | 9.5.10-1.77.amzn1 |
| Amazon Linux | 1 | postgresql95-plpython26 | 9.5.10-1.77.amzn1 |
| Amazon Linux | 1 | postgresql95-static | 9.5.10-1.77.amzn1 |
| Amazon Linux | 1 | postgresql95-server | 9.5.10-1.77.amzn1 |
| Amazon Linux | 1 | postgresql95-plpython27 | 9.5.10-1.77.amzn1 |
| Amazon Linux | 1 | postgresql96-plperl | 9.6.6-1.79.amzn1 |
| Amazon Linux | 1 | postgresql96-plpython26 | 9.6.6-1.79.amzn1 |
| Amazon Linux | 1 | postgresql96-plpython27 | 9.6.6-1.79.amzn1 |
| Amazon Linux | 1 | postgresql96-devel | 9.6.6-1.79.amzn1 |
| Amazon Linux | 1 | postgresql96-contrib | 9.6.6-1.79.amzn1 |
| Amazon Linux | 1 | postgresql96-static | 9.6.6-1.79.amzn1 |
| Amazon Linux | 1 | postgresql96-docs | 9.6.6-1.79.amzn1 |
| Amazon Linux | 1 | postgresql96-libs | 9.6.6-1.79.amzn1 |
| Amazon Linux | 1 | postgresql96-debuginfo | 9.6.6-1.79.amzn1 |
| Amazon Linux | 1 | postgresql96-test | 9.6.6-1.79.amzn1 |
| Amazon Linux | 1 | postgresql96 | 9.6.6-1.79.amzn1 |
| Amazon Linux | 1 | postgresql96-server | 9.6.6-1.79.amzn1 |

Related