drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in PostgreSQL
Name: |
Zwei Probleme in PostgreSQL |
|
ID: |
USN-3479-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.04, Ubuntu 17.10 |
|
Datum: |
Di, 14. November 2017, 14:59 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15098 |
|
Applikationen: |
PostgreSQL |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============2512773506725819899== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="CtkM8IixlvsjcuwmPc3xgws2V7TFiECsO"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --CtkM8IixlvsjcuwmPc3xgws2V7TFiECsO Content-Type: multipart/mixed; boundary="LaNjrc8rXIKckAD5WiKxkUKQIdhT077qN"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <26b375ae-1ba4-b5d5-b6e1-a5f9523c6fec@canonical.com> Subject: [USN-3479-1] PostgreSQL vulnerabilities
--LaNjrc8rXIKckAD5WiKxkUKQIdhT077qN Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3479-1 November 14, 2017
postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10 - Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in PostgreSQL.
Software Description: - postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database
Details:
David Rowley discovered that PostgreSQL incorrectly handled memory when processing certain JSON functions. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2017-15098)
Dean Rasheed discovered that PostgreSQL incorrectly enforced SELECT privileges when processing INSERT ... ON CONFLICT DO UPDATE commands. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.10: postgresql-9.6 9.6.6-0ubuntu0.17.10
Ubuntu 17.04: postgresql-9.6 9.6.6-0ubuntu0.17.04
Ubuntu 16.04 LTS: postgresql-9.5 9.5.10-0ubuntu0.16.04
Ubuntu 14.04 LTS: postgresql-9.3 9.3.20-0ubuntu0.14.04
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3479-1 CVE-2017-15098, CVE-2017-15099
Package Information: https://launchpad.net/ubuntu/+source/postgresql-9.6/9.6.6-0ubuntu0.17.10 https://launchpad.net/ubuntu/+source/postgresql-9.6/9.6.6-0ubuntu0.17.04 https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.10-0ubuntu0.16.04 https://launchpad.net/ubuntu/+source/postgresql-9.3/9.3.20-0ubuntu0.14.04
--LaNjrc8rXIKckAD5WiKxkUKQIdhT077qN--
--CtkM8IixlvsjcuwmPc3xgws2V7TFiECsO Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJaCvC0AAoJEGVp2FWnRL6TRBQQAIYi87CwGSs5BWTkFcVFrujk xZooMu+MFYNdAlwL7+gSHgqNfy923ODYs//N3CWyNum6YcaUfzktGWiAsFyki8tf INa/dWMjzSrtUgngj8PRNfQvdlb19ZYydGCJWNAiippDQjlpX3JfMEnv2F+Sf7RV kEg5jF5I05AYlD11esgeOHe81fRUXjNQvhnklBHhdacVQQdrJmxl6vm2uGopEN1w rn6/MtC9AEjsk0+j4xM+sYbbP9rpa2mjYA7y2BOfbLDEESJo1jwqKXW2hsz0fhAD DZcHv00TA/uwuUz0KrIxaPit7z8S5U2mKlJSCcTlmI9R/QIdi56O+70Rux003cbS EcCln7QK/dm26iAYjKT8IG4fhS3QZY7fEQxsKJEIurOB4sLWUW9PP2hooNhas6EQ mTGdqLV9kogGpcrjrBVNJDxvvTPLJ5RMU1SxovJM+CltxtYBl/nlKBUFTsiLHdDT fxLmmQWtxXsJ2lx+DOP99EQcPGLFeAQ/3o7Nq0CDgpJEuQV32liUjqZfhuDX2YKc NdW83Xu4ff25GzMvzsfgmVo0aff6b2SfbvdJ/40imIo50mGnYpHxtTb3ODHcbJFE WwRR/NinV/9pDKZNZ1wPR5zUSenjT29TqT9pQfTU03vGvQK3UsSPIBYH9PCb6zDL 06wyr4bmVqZT2cNUWm5c =hP8c -----END PGP SIGNATURE-----
--CtkM8IixlvsjcuwmPc3xgws2V7TFiECsO--
--===============2512773506725819899== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============2512773506725819899==--
|
|
|
|