You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa postgresql

Sigurnosni nedostatak programskog paketa postgresql

==========================================================================
Ubuntu Security Notice USN-3479-1
November 14, 2017

postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in PostgreSQL.

Software Description:
– postgresql-9.6: Object-relational SQL database
– postgresql-9.5: Object-relational SQL database
– postgresql-9.3: Object-relational SQL database

Details:

David Rowley discovered that PostgreSQL incorrectly handled memory when
processing certain JSON functions. A remote attacker could possibly use
this issue to obtain sensitive information. (CVE-2017-15098)

Dean Rasheed discovered that PostgreSQL incorrectly enforced SELECT
privileges when processing INSERT … ON CONFLICT DO UPDATE commands. A
remote attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and
Ubuntu 17.10.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
postgresql-9.6 9.6.6-0ubuntu0.17.10

Ubuntu 17.04:
postgresql-9.6 9.6.6-0ubuntu0.17.04

Ubuntu 16.04 LTS:
postgresql-9.5 9.5.10-0ubuntu0.16.04

Ubuntu 14.04 LTS:
postgresql-9.3 9.3.20-0ubuntu0.14.04

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3479-1
CVE-2017-15098, CVE-2017-15099

Package Information:
https://launchpad.net/ubuntu/+source/postgresql-9.6/9.6.6-0ubuntu0.17.10
https://launchpad.net/ubuntu/+source/postgresql-9.6/9.6.6-0ubuntu0.17.04
https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.10-0ubuntu0.16.04
https://launchpad.net/ubuntu/+source/postgresql-9.3/9.3.20-0ubuntu0.14.04

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJaCvC0AAoJEGVp2FWnRL6TRBQQAIYi87CwGSs5BWTkFcVFrujk
xZooMu+MFYNdAlwL7+gSHgqNfy923ODYs//N3CWyNum6YcaUfzktGWiAsFyki8tf
INa/dWMjzSrtUgngj8PRNfQvdlb19ZYydGCJWNAiippDQjlpX3JfMEnv2F+Sf7RV
kEg5jF5I05AYlD11esgeOHe81fRUXjNQvhnklBHhdacVQQdrJmxl6vm2uGopEN1w
rn6/MtC9AEjsk0+j4xM+sYbbP9rpa2mjYA7y2BOfbLDEESJo1jwqKXW2hsz0fhAD
DZcHv00TA/uwuUz0KrIxaPit7z8S5U2mKlJSCcTlmI9R/QIdi56O+70Rux003cbS
EcCln7QK/dm26iAYjKT8IG4fhS3QZY7fEQxsKJEIurOB4sLWUW9PP2hooNhas6EQ
mTGdqLV9kogGpcrjrBVNJDxvvTPLJ5RMU1SxovJM+CltxtYBl/nlKBUFTsiLHdDT
fxLmmQWtxXsJ2lx+DOP99EQcPGLFeAQ/3o7Nq0CDgpJEuQV32liUjqZfhuDX2YKc
NdW83Xu4ff25GzMvzsfgmVo0aff6b2SfbvdJ/40imIo50mGnYpHxtTb3ODHcbJFE
WwRR/NinV/9pDKZNZ1wPR5zUSenjT29TqT9pQfTU03vGvQK3UsSPIBYH9PCb6zDL
06wyr4bmVqZT2cNUWm5c
=hP8c
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3479-1
November 14, 2017

postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in PostgreSQL.

Software Description:
– postgresql-9.6: Object-relational SQL database
– postgresql-9.5: Object-relational SQL database
– postgresql-9.3: Object-relational SQL database

Details:

David Rowley discovered that PostgreSQL incorrectly handled memory when
processing certain JSON functions. A remote attacker could possibly use
this issue to obtain sensitive information. (CVE-2017-15098)

Dean Rasheed discovered that PostgreSQL incorrectly enforced SELECT
privileges when processing INSERT … ON CONFLICT DO UPDATE commands. A
remote attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and
Ubuntu 17.10.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
postgresql-9.6 9.6.6-0ubuntu0.17.10

Ubuntu 17.04:
postgresql-9.6 9.6.6-0ubuntu0.17.04

Ubuntu 16.04 LTS:
postgresql-9.5 9.5.10-0ubuntu0.16.04

Ubuntu 14.04 LTS:
postgresql-9.3 9.3.20-0ubuntu0.14.04

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3479-1
CVE-2017-15098, CVE-2017-15099

Package Information:
https://launchpad.net/ubuntu/+source/postgresql-9.6/9.6.6-0ubuntu0.17.10
https://launchpad.net/ubuntu/+source/postgresql-9.6/9.6.6-0ubuntu0.17.04
https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.10-0ubuntu0.16.04
https://launchpad.net/ubuntu/+source/postgresql-9.3/9.3.20-0ubuntu0.14.04

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJaCvC0AAoJEGVp2FWnRL6TRBQQAIYi87CwGSs5BWTkFcVFrujk
xZooMu+MFYNdAlwL7+gSHgqNfy923ODYs//N3CWyNum6YcaUfzktGWiAsFyki8tf
INa/dWMjzSrtUgngj8PRNfQvdlb19ZYydGCJWNAiippDQjlpX3JfMEnv2F+Sf7RV
kEg5jF5I05AYlD11esgeOHe81fRUXjNQvhnklBHhdacVQQdrJmxl6vm2uGopEN1w
rn6/MtC9AEjsk0+j4xM+sYbbP9rpa2mjYA7y2BOfbLDEESJo1jwqKXW2hsz0fhAD
DZcHv00TA/uwuUz0KrIxaPit7z8S5U2mKlJSCcTlmI9R/QIdi56O+70Rux003cbS
EcCln7QK/dm26iAYjKT8IG4fhS3QZY7fEQxsKJEIurOB4sLWUW9PP2hooNhas6EQ
mTGdqLV9kogGpcrjrBVNJDxvvTPLJ5RMU1SxovJM+CltxtYBl/nlKBUFTsiLHdDT
fxLmmQWtxXsJ2lx+DOP99EQcPGLFeAQ/3o7Nq0CDgpJEuQV32liUjqZfhuDX2YKc
NdW83Xu4ff25GzMvzsfgmVo0aff6b2SfbvdJ/40imIo50mGnYpHxtTb3ODHcbJFE
WwRR/NinV/9pDKZNZ1wPR5zUSenjT29TqT9pQfTU03vGvQK3UsSPIBYH9PCb6zDL
06wyr4bmVqZT2cNUWm5c
=hP8c
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa php

Otkriveni su sigurnosni nedostaci u programskom paketu php za operacijski sustav RHEL 7. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje napada...

Close