Updated postgresql packages fix security vulnerability
Publication date: 31 Aug 2016Modification date: 31 Aug 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-5423 , CVE-2016-5424
Description
It was discovered that certain SQL statements containing CASE/WHEN commands could crash the PostgreSQL server, or disclose a few bytes of server memory, potentially leading to arbitrary code execution (CVE-2016-5423). It was found that PostgreSQL client programs mishandle database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to root when a root user next executes maintenance with a vulnerable program. Vulnerable programs include pg_dumpall, pg_upgrade, vacuumdb, reindexdb, and clusterdb (CVE-2016-5424).
References
- https://bugs.mageia.org/show_bug.cgi?id=19183
- http://www.postgresql.org/docs/current/static/release-9-3-14.html
- http://www.postgresql.org/docs/current/static/release-9-4-9.html
- https://www.postgresql.org/about/news/1688/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5423
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5424
SRPMS
5/core
- postgresql9.3-9.3.14-1.mga5
- postgresql9.4-9.4.9-1.mga5