SecurityTracker.com
Category:   Application (Database)  >   PostgreSQL
Vendors:   postgresql.org
(CentOS Issues Fix) PostgreSQL Bugs Let Remote Users Deny Service and Let Remote Authenticated Users Gain Elevated Privileges
SecurityTracker Alert ID:  1035167
SecurityTracker URL:  http://securitytracker.com/id/1035167
CVE Reference:   CVE-2016-0773
Date:  Mar 2 2016
Impact:   Denial of service via network, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 9.1, 9.2, 9.3, 9.4, 9.5
Description:   Two vulnerabilities were reported in PostgreSQL. A remote user can cause the target service to crash. A remote authenticated user can gain elevated privileges.

A remote user can supply specially crafted data containing regular expressions with out-of-range Unicode characters to cause the target backend service to enter an infinite loop or crash [CVE-2016-0773].

A remote authenticated user without database superuser privileges can modify certain custom configuration settings (GUCs) for PL/Java [CVE-2016-0766].

Impact:   A remote user can cause the target service to enter an infinite loop or crash.

A remote authenticated user can gain elevated privileges on the target system.

Solution:   CentOS has issued a fix for CVE-2016-0773.


Cause:   Access control error, Input validation error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Feb 11 2016 PostgreSQL Bugs Let Remote Users Deny Service and Let Remote Authenticated Users Gain Elevated Privileges



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0346 Important CentOS 7 postgresql Security Update


CentOS Errata and Security Advisory 2016:0346 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0346.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS


Copyright 2019, SecurityGlobal.net LLC