Lucene search

K
archlinuxArchLinuxASA-201711-17
HistoryNov 10, 2017 - 12:00 a.m.

[ASA-201711-17] postgresql: multiple issues

2017-11-1000:00:00
security.archlinux.org
14
postgresql
version 10.1-1
access restriction
information disclosure
remote attacker
denial of service
memory disclosure
cve-2017-15098
cve-2017-15099
table permissions
rls policies
arch linux security advisory

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS

0.008

Percentile

81.3%

Arch Linux Security Advisory ASA-201711-17

Severity: Medium
Date : 2017-11-10
CVE-ID : CVE-2017-15098 CVE-2017-15099
Package : postgresql
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-485

Summary

The package postgresql before version 10.1-1 is vulnerable to multiple
issues including access restriction bypass and information disclosure.

Resolution

Upgrade to 10.1-1.

pacman -Syu “postgresql>=10.1-1”

The problems have been fixed upstream in version 10.1.

Workaround

None.

Description

  • CVE-2017-15098 (information disclosure)

A denial of service and potential memory disclosure vulnerability has
been discovered in PostgreSQL in the json_populate_recordset() and
jsonb_populate_recordset() functions.

  • CVE-2017-15099 (access restriction bypass)

An access restriction bypass vulnerability has been discovered in
PostgreSQL, the “INSERT … ON CONFLICT DO UPDATE” would not check to
see if the executing user had permission to perform a “SELECT” on the
index performing the conflicting check. Additionally, in a table with
row-level security enabled, the “INSERT … ON CONFLICT DO UPDATE”
would not check the SELECT policies for that table before performing
the update.
The fix ensures that “INSERT … ON CONFLICT DO UPDATE” checks against
table permissions and RLS policies before executing.

Impact

A remote attacker is able to bypass access restrictions via certain
queries or possibly leak sensitive information from the running
process.

References

https://www.postgresql.org/about/news/1801/
https://security.archlinux.org/CVE-2017-15098
https://security.archlinux.org/CVE-2017-15099

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanypostgresql< 10.1-1UNKNOWN

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS

0.008

Percentile

81.3%