Security update for postgresql95 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0529-1 Final 1 1 2018-02-22T19:46:15Z current 2018-02-22T19:46:15Z 2018-02-22T19:46:15Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for postgresql95 This update for postgresql95 fixes the following issues: Upate to PostgreSQL 9.5.11: Security issues fixed: * https://www.postgresql.org/docs/9.5/static/release-9-5-11.html * CVE-2018-1053, boo#1077983: Ensure that all temporary files made by pg_upgrade are non-world-readable. * boo#1079757: Rename pg_rewind's copy_file_range function to avoid conflict with new Linux system call of that name. In version 9.5.10: * https://www.postgresql.org/docs/9.5/static/release-9-5-10.html * CVE-2017-15098, boo#1067844: Memory disclosure in JSON functions. * CVE-2017-15099, boo#1067841: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges. In version 9.5.9: * https://www.postgresql.org/docs/9.5/static/release-9-5-9.html * Show foreign tables in information_schema.table_privileges view. * Clean up handling of a fatal exit (e.g., due to receipt of SIGTERM) that occurs while trying to execute a ROLLBACK of a failed transaction. * Remove assertion that could trigger during a fatal exit. * Correctly identify columns that are of a range type or domain type over a composite type or domain type being searched for. * Fix crash in pg_restore when using parallel mode and using a list file to select a subset of items to restore. * Change ecpg's parser to allow RETURNING clauses without attached C variables. In version 9.5.8 * https://www.postgresql.org/docs/9.5/static/release-9-5-8.html * CVE-2017-7547, boo#1051685: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. * CVE-2017-7546, boo#1051684: Disallow empty passwords in all password-based authentication methods. * CVE-2017-7548, boo#1053259: lo_put() function ignores ACLs. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00042.html E-Mail link for openSUSE-SU-2018:0529-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 postgresql95-9.5.11-2.3.1 postgresql95-contrib-9.5.11-2.3.1 postgresql95-devel-9.5.11-2.3.1 postgresql95-docs-9.5.11-2.3.1 postgresql95-libs-9.5.11-2.3.1 postgresql95-plperl-9.5.11-2.3.1 postgresql95-plpython-9.5.11-2.3.1 postgresql95-pltcl-9.5.11-2.3.1 postgresql95-server-9.5.11-2.3.1 postgresql95-test-9.5.11-2.3.1 postgresql95-9.5.11-2.3.1 as a component of openSUSE Leap 42.3 postgresql95-contrib-9.5.11-2.3.1 as a component of openSUSE Leap 42.3 postgresql95-devel-9.5.11-2.3.1 as a component of openSUSE Leap 42.3 postgresql95-docs-9.5.11-2.3.1 as a component of openSUSE Leap 42.3 postgresql95-libs-9.5.11-2.3.1 as a component of openSUSE Leap 42.3 postgresql95-plperl-9.5.11-2.3.1 as a component of openSUSE Leap 42.3 postgresql95-plpython-9.5.11-2.3.1 as a component of openSUSE Leap 42.3 postgresql95-pltcl-9.5.11-2.3.1 as a component of openSUSE Leap 42.3 postgresql95-server-9.5.11-2.3.1 as a component of openSUSE Leap 42.3 postgresql95-test-9.5.11-2.3.1 as a component of openSUSE Leap 42.3 Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory. CVE-2017-15098 openSUSE Leap 42.3:postgresql95-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-contrib-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-devel-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-docs-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-libs-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-plperl-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-plpython-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-pltcl-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-server-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-test-9.5.11-2.3.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00042.html https://www.suse.com/security/cve/CVE-2017-15098.html CVE-2017-15098 https://bugzilla.suse.com/1067844 SUSE Bug 1067844 INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege. CVE-2017-15099 openSUSE Leap 42.3:postgresql95-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-contrib-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-devel-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-docs-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-libs-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-plperl-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-plpython-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-pltcl-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-server-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-test-9.5.11-2.3.1 moderate 4.3 AV:L/AC:L/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00042.html https://www.suse.com/security/cve/CVE-2017-15099.html CVE-2017-15099 https://bugzilla.suse.com/1067841 SUSE Bug 1067841 PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. CVE-2017-7546 openSUSE Leap 42.3:postgresql95-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-contrib-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-devel-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-docs-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-libs-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-plperl-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-plpython-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-pltcl-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-server-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-test-9.5.11-2.3.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00042.html https://www.suse.com/security/cve/CVE-2017-7546.html CVE-2017-7546 https://bugzilla.suse.com/1051684 SUSE Bug 1051684 https://bugzilla.suse.com/1054365 SUSE Bug 1054365 https://bugzilla.suse.com/1140876 SUSE Bug 1140876 PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. CVE-2017-7547 openSUSE Leap 42.3:postgresql95-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-contrib-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-devel-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-docs-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-libs-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-plperl-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-plpython-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-pltcl-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-server-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-test-9.5.11-2.3.1 moderate 4.9 AV:N/AC:M/Au:S/C:P/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00042.html https://www.suse.com/security/cve/CVE-2017-7547.html CVE-2017-7547 https://bugzilla.suse.com/1051685 SUSE Bug 1051685 https://bugzilla.suse.com/1054365 SUSE Bug 1054365 https://bugzilla.suse.com/1140876 SUSE Bug 1140876 PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service. CVE-2017-7548 openSUSE Leap 42.3:postgresql95-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-contrib-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-devel-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-docs-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-libs-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-plperl-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-plpython-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-pltcl-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-server-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-test-9.5.11-2.3.1 important 8.5 AV:N/AC:L/Au:S/C:C/I:C/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00042.html https://www.suse.com/security/cve/CVE-2017-7548.html CVE-2017-7548 https://bugzilla.suse.com/1053259 SUSE Bug 1053259 https://bugzilla.suse.com/1054365 SUSE Bug 1054365 https://bugzilla.suse.com/1140876 SUSE Bug 1140876 In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file. CVE-2018-1053 openSUSE Leap 42.3:postgresql95-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-contrib-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-devel-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-docs-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-libs-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-plperl-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-plpython-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-pltcl-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-server-9.5.11-2.3.1 openSUSE Leap 42.3:postgresql95-test-9.5.11-2.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00042.html https://www.suse.com/security/cve/CVE-2018-1053.html CVE-2018-1053 https://bugzilla.suse.com/1077983 SUSE Bug 1077983