Security: Multiple problems in PostgreSQL

Name: Multiple problems in PostgreSQL
ID: USN-3390-1
Distribution: Ubuntu
Platforms: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.04
Date: Tue, 15 August 2017, 22:37
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7546
Applications: PostgreSQL

Original message
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <079078c6-7ff2-cdcf-163e-ee14bc910072@canonical.com>
Subject: [USN-3390-1] PostgreSQL vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3390-1
August 15, 2017

postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in PostgreSQL.
Software Description:
- postgresql-9.6: object-relational SQL database
- postgresql-9.5: Object-relational SQL database
- postgresql-9.3: Object-relational SQL database
Details:
Ben de Graaff, Jelte Fennema, and Jeroen van der Ham discovered that PostgreSQL allowed the use of empty passwords in some authentication methods, contrary to expected behaviour. A remote attacker could use an empty password to authenticate to servers that were believed to have password login disabled. (CVE-2017-7546)
Jeff Janes discovered that PostgreSQL incorrectly handled the pg_user_mappings catalog view. A remote attacker without server privileges could possibly use this issue to obtain certain passwords. (CVE-2017-7547)
Chapman Flack discovered that PostgreSQL incorrectly handled lo_put() permissions. A remote attacker could possibly use this issue to change the data in a large object. (CVE-2017-7548)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: postgresql-9.6 9.6.4-0ubuntu0.17.04.1
Ubuntu 16.04 LTS: postgresql-9.5 9.5.8-0ubuntu0.16.04.1
Ubuntu 14.04 LTS: postgresql-9.3 9.3.18-0ubuntu0.14.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3390-1
CVE-2017-7546, CVE-2017-7547, CVE-2017-7548
Package Information:
https://launchpad.net/ubuntu/+source/postgresql-9.6/9.6.4-0ubuntu0.17.04.1
https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.8-0ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/postgresql-9.3/9.3.18-0ubuntu0.14.04.1