Advisories ยป MGASA-2017-0428

Updated postgresql packages fix security vulnerabilities

Publication date: 29 Nov 2017
Modification date: 29 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-12172 , CVE-2017-15098 , CVE-2017-15099

Description

The startup log file for the postmaster (in newer releases, "postgres")
process was opened while the process was still owned by root. With this
setup, the database owner could specify a file that they did not have
access to and cause the file to be corrupted with logged data
(CVE-2017-12172).

Crash due to rowtype mismatch in json{b}_populate_recordset(). These
functions used the result rowtype specified in the FROM ... AS clause
without checking that it matched the actual rowtype of the supplied
tuple value. If it didn't, that would usually result in a crash, though
disclosure of server memory contents seems possible as well
(CVE-2017-15098).

The "INSERT ... ON CONFLICT DO UPDATE" would not check to see if the
executing user had permission to perform a "SELECT" on the index
performing the conflicting check. Additionally, in a table with
row-level security enabled, the "INSERT ... ON CONFLICT DO UPDATE" would
not check the SELECT policies for that table before performing the
update (CVE-2017-15099).
                

References

SRPMS

6/core

5/core