==========================================================================
Ubuntu Security Notice USN-3479-1
November 14, 2017
postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.10
– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in PostgreSQL.
Software Description:
– postgresql-9.6: Object-relational SQL database
– postgresql-9.5: Object-relational SQL database
– postgresql-9.3: Object-relational SQL database
Details:
David Rowley discovered that PostgreSQL incorrectly handled memory when
processing certain JSON functions. A remote attacker could possibly use
this issue to obtain sensitive information. (CVE-2017-15098)
Dean Rasheed discovered that PostgreSQL incorrectly enforced SELECT
privileges when processing INSERT … ON CONFLICT DO UPDATE commands. A
remote attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and
Ubuntu 17.10.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
postgresql-9.6 9.6.6-0ubuntu0.17.10
Ubuntu 17.04:
postgresql-9.6 9.6.6-0ubuntu0.17.04
Ubuntu 16.04 LTS:
postgresql-9.5 9.5.10-0ubuntu0.16.04
Ubuntu 14.04 LTS:
postgresql-9.3 9.3.20-0ubuntu0.14.04
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3479-1
CVE-2017-15098, CVE-2017-15099
Package Information:
https://launchpad.net/ubuntu/+source/postgresql-9.6/9.6.6-0ubuntu0.17.10
https://launchpad.net/ubuntu/+source/postgresql-9.6/9.6.6-0ubuntu0.17.04
https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.10-0ubuntu0.16.04
https://launchpad.net/ubuntu/+source/postgresql-9.3/9.3.20-0ubuntu0.14.04
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJaCvC0AAoJEGVp2FWnRL6TRBQQAIYi87CwGSs5BWTkFcVFrujk
xZooMu+MFYNdAlwL7+gSHgqNfy923ODYs//N3CWyNum6YcaUfzktGWiAsFyki8tf
INa/dWMjzSrtUgngj8PRNfQvdlb19ZYydGCJWNAiippDQjlpX3JfMEnv2F+Sf7RV
kEg5jF5I05AYlD11esgeOHe81fRUXjNQvhnklBHhdacVQQdrJmxl6vm2uGopEN1w
rn6/MtC9AEjsk0+j4xM+sYbbP9rpa2mjYA7y2BOfbLDEESJo1jwqKXW2hsz0fhAD
DZcHv00TA/uwuUz0KrIxaPit7z8S5U2mKlJSCcTlmI9R/QIdi56O+70Rux003cbS
EcCln7QK/dm26iAYjKT8IG4fhS3QZY7fEQxsKJEIurOB4sLWUW9PP2hooNhas6EQ
mTGdqLV9kogGpcrjrBVNJDxvvTPLJ5RMU1SxovJM+CltxtYBl/nlKBUFTsiLHdDT
fxLmmQWtxXsJ2lx+DOP99EQcPGLFeAQ/3o7Nq0CDgpJEuQV32liUjqZfhuDX2YKc
NdW83Xu4ff25GzMvzsfgmVo0aff6b2SfbvdJ/40imIo50mGnYpHxtTb3ODHcbJFE
WwRR/NinV/9pDKZNZ1wPR5zUSenjT29TqT9pQfTU03vGvQK3UsSPIBYH9PCb6zDL
06wyr4bmVqZT2cNUWm5c
=hP8c
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3479-1
November 14, 2017
postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.10
– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in PostgreSQL.
Software Description:
– postgresql-9.6: Object-relational SQL database
– postgresql-9.5: Object-relational SQL database
– postgresql-9.3: Object-relational SQL database
Details:
David Rowley discovered that PostgreSQL incorrectly handled memory when
processing certain JSON functions. A remote attacker could possibly use
this issue to obtain sensitive information. (CVE-2017-15098)
Dean Rasheed discovered that PostgreSQL incorrectly enforced SELECT
privileges when processing INSERT … ON CONFLICT DO UPDATE commands. A
remote attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and
Ubuntu 17.10.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
postgresql-9.6 9.6.6-0ubuntu0.17.10
Ubuntu 17.04:
postgresql-9.6 9.6.6-0ubuntu0.17.04
Ubuntu 16.04 LTS:
postgresql-9.5 9.5.10-0ubuntu0.16.04
Ubuntu 14.04 LTS:
postgresql-9.3 9.3.20-0ubuntu0.14.04
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3479-1
CVE-2017-15098, CVE-2017-15099
Package Information:
https://launchpad.net/ubuntu/+source/postgresql-9.6/9.6.6-0ubuntu0.17.10
https://launchpad.net/ubuntu/+source/postgresql-9.6/9.6.6-0ubuntu0.17.04
https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.10-0ubuntu0.16.04
https://launchpad.net/ubuntu/+source/postgresql-9.3/9.3.20-0ubuntu0.14.04
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJaCvC0AAoJEGVp2FWnRL6TRBQQAIYi87CwGSs5BWTkFcVFrujk
xZooMu+MFYNdAlwL7+gSHgqNfy923ODYs//N3CWyNum6YcaUfzktGWiAsFyki8tf
INa/dWMjzSrtUgngj8PRNfQvdlb19ZYydGCJWNAiippDQjlpX3JfMEnv2F+Sf7RV
kEg5jF5I05AYlD11esgeOHe81fRUXjNQvhnklBHhdacVQQdrJmxl6vm2uGopEN1w
rn6/MtC9AEjsk0+j4xM+sYbbP9rpa2mjYA7y2BOfbLDEESJo1jwqKXW2hsz0fhAD
DZcHv00TA/uwuUz0KrIxaPit7z8S5U2mKlJSCcTlmI9R/QIdi56O+70Rux003cbS
EcCln7QK/dm26iAYjKT8IG4fhS3QZY7fEQxsKJEIurOB4sLWUW9PP2hooNhas6EQ
mTGdqLV9kogGpcrjrBVNJDxvvTPLJ5RMU1SxovJM+CltxtYBl/nlKBUFTsiLHdDT
fxLmmQWtxXsJ2lx+DOP99EQcPGLFeAQ/3o7Nq0CDgpJEuQV32liUjqZfhuDX2YKc
NdW83Xu4ff25GzMvzsfgmVo0aff6b2SfbvdJ/40imIo50mGnYpHxtTb3ODHcbJFE
WwRR/NinV/9pDKZNZ1wPR5zUSenjT29TqT9pQfTU03vGvQK3UsSPIBYH9PCb6zDL
06wyr4bmVqZT2cNUWm5c
=hP8c
—–END PGP SIGNATURE—–
—
