| Summary: | postgresql new security issues CVE-2016-5423 and CVE-2016-5424 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | brtians1, davidwhodgins, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/697020/ | ||
| Whiteboard: | has_procedure mga5-32-ok mga5-64-ok advisory | ||
| Source RPM: | postgresql9.3, postgresql9.4, postgresql9.5 | CVE: | |
| Status comment: | |||
|
Description
David Walser
2016-08-11 18:18:54 CEST
David Walser
2016-08-11 18:19:53 CEST
Whiteboard:
(none) =>
MGA5TOO
David Walser
2016-08-11 18:23:09 CEST
URL:
(none) =>
http://lwn.net/Vulnerabilities/697020/

Updated packages uploaded for Mageia 5 and Cauldron.

Testing procedure:
https://bugs.mageia.org/show_bug.cgi?id=18103#c6

Advisory:
========================

Updated postgresql packages fix security vulnerabilities:

It was discovered that certain SQL statements containing CASE/WHEN commands could crash the PostgreSQL server, or disclose a few bytes of server memory, potentially leading to arbitrary code execution (CVE-2016-5423).

It was found that PostgreSQL client programs mishandle database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to root when a root user next executes maintenance with a vulnerable program. Vulnerable programs include pg_dumpall, pg_upgrade, vacuumdb, reindexdb, and clusterdb (CVE-2016-5424).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5424
http://www.postgresql.org/docs/current/static/release-9-3-14.html
http://www.postgresql.org/docs/current/static/release-9-4-9.html
https://www.postgresql.org/about/news/1688/
========================

Updated packages in core/updates_testing:
========================
postgresql9.3-9.3.14-1.mga5
libpq9.3_5.6-9.3.14-1.mga5
libecpg9.3_6-9.3.14-1.mga5
postgresql9.3-server-9.3.14-1.mga5
postgresql9.3-docs-9.3.14-1.mga5
postgresql9.3-contrib-9.3.14-1.mga5
postgresql9.3-devel-9.3.14-1.mga5
postgresql9.3-pl-9.3.14-1.mga5
postgresql9.3-plpython-9.3.14-1.mga5
postgresql9.3-plperl-9.3.14-1.mga5
postgresql9.3-pltcl-9.3.14-1.mga5
postgresql9.3-plpgsql-9.3.14-1.mga5
postgresql9.4-9.4.9-1.mga5
libpq5-9.4.9-1.mga5
libecpg9.4_6-9.4.9-1.mga5
postgresql9.4-server-9.4.9-1.mga5
postgresql9.4-docs-9.4.9-1.mga5
postgresql9.4-contrib-9.4.9-1.mga5
postgresql9.4-devel-9.4.9-1.mga5
postgresql9.4-pl-9.4.9-1.mga5
postgresql9.4-plpython-9.4.9-1.mga5
postgresql9.4-plperl-9.4.9-1.mga5
postgresql9.4-pltcl-9.4.9-1.mga5
postgresql9.4-plpgsql-9.4.9-1.mga5

from SRPMS:
postgresql9.3-9.3.14-1.mga5.src.rpm
postgresql9.4-9.4.9-1.mga5.src.rpm

Version:
Cauldron =>
5

Assigning to QA. Package list, advisory, and testing procedure in Comment 1.

Assignee:
cjw =>
qa-bugs
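An added example, not part of the original bug report and not Mageia or PostgreSQL project code: a pre-maintenance check that flags database and role names containing the characters the advisory above names, and compares a `select version()` banner against the fixed releases in the package list above. The function names, `NAME_QUERY`, and the sample rows are constructed for illustration.

```python
import re

# Characters the advisory says client programs mishandled in object names.
RISKY = {"\n": "newline", "\r": "carriage return",
         '"': "double quote", "\\": "backslash"}

# Fixed releases taken from the package list on this page, keyed by branch.
FIXED = {(9, 3): 14, (9, 4): 9}

# Query whose (kind, name) rows would feed audit_names(); not executed here.
NAME_QUERY = """
SELECT 'database' AS kind, datname AS name FROM pg_database
UNION ALL
SELECT 'role', rolname FROM pg_roles;
"""

def audit_names(rows):
    """Return [(kind, name, [reasons])] for every name holding a risky character."""
    findings = []
    for kind, name in rows:
        reasons = [label for ch, label in RISKY.items() if ch in name]
        if reasons:
            findings.append((kind, name, reasons))
    return findings

def is_fixed(version_banner):
    """True/False for a branch listed on this page, None if unknown or unparsable."""
    m = re.search(r"PostgreSQL (\d+)\.(\d+)\.(\d+)", version_banner)
    if not m:
        return None
    major, minor, patch = map(int, m.groups())
    need = FIXED.get((major, minor))
    return None if need is None else patch >= need

# Constructed sample rows (not taken from a real server).
SAMPLE_ROWS = [
    ("database", "mydb"),
    ("database", 'sales"2016'),
    ("role", "brian"),
    ("role", "ops\nteam"),
    ("role", "dom\\user"),
]

if __name__ == "__main__":
    for kind, name, reasons in audit_names(SAMPLE_ROWS):
        print(f"{kind} {name!r}: contains {', '.join(reasons)}")
    print("fixed:", is_fixed("PostgreSQL 9.3.14 on i586-mageia-linux-gnu"))
```

Any name it reports should be reviewed before root runs pg_dumpall, pg_upgrade, vacuumdb, reindexdb, or clusterdb on a server that `is_fixed` does not report as patched.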
David Walser
2016-08-11 22:43:36 CEST
Severity:
normal =>
critical
installed postgresql9.3 first round
This via terminal I had to su over to the postgres user id and create my user profile
[postgres@localhost brian]$ createdb -O brian brian
I backed out of postgres and root via exit command
then
[brian@localhost ~]$ psql
psql (9.3.14)
Type "help" for help.
brian=> select version();
version
---------------------------------------------------------------------------------
PostgreSQL 9.3.14 on i586-mageia-linux-gnu, compiled by gcc (GCC) 4.9.2, 32-bit
(1 row)
brian=> create table brian (name varchar(20));
CREATE TABLE
brian=> insert into brian values ('briansname');
INSERT 0 1
brian=> select * from brian;
name
------------
briansname
(1 row)
brian=>
9.3.14 seems to be working appropriately.
CC:
(none) =>
brtians1
The following 18 packages are going to be installed:
- glibc-devel-2.20-23.mga5.x86_64
- kernel-userspace-headers-4.4.16-1.mga5.x86_64
- lib64ecpg9.4_6-9.4.9-1.mga5.x86_64
- lib64openssl-devel-1.0.2h-1.mga5.x86_64
- lib64ossp_uuid16-1.6.2-12.mga5.x86_64
- lib64pq5-9.4.9-1.mga5.x86_64
- lib64zlib-devel-1.2.8-7.mga5.x86_64
- meta-task-5-28.1.mga5.noarch
- postgresql9.4-9.4.9-1.mga5.x86_64
- postgresql9.4-contrib-9.4.9-1.mga5.x86_64
- postgresql9.4-devel-9.4.9-1.mga5.x86_64
- postgresql9.4-docs-9.4.9-1.mga5.noarch
- postgresql9.4-pl-9.4.9-1.mga5.x86_64
- postgresql9.4-plperl-9.4.9-1.mga5.x86_64
- postgresql9.4-plpgsql-9.4.9-1.mga5.x86_64
- postgresql9.4-plpython-9.4.9-1.mga5.x86_64
- postgresql9.4-pltcl-9.4.9-1.mga5.x86_64
- postgresql9.4-server-9.4.9-1.mga5.x86_64
60MB of additional disk space will be used.
------------------------------------------------------------
This time around I had to create role brian with login
Then I went back and did a database create with:
createdb -O brian mydb
then I could login into psql
---------------------------------------------------------
[brian@localhost ~]$ psql mydb
psql (9.4.9)
mydb=# select version();
version
----------------------------------------------------------------------------------
PostgreSQL 9.4.9 on x86_64-mageia-linux-gnu, compiled by gcc (GCC) 4.9.2, 64-bit
---------------------------------------------------------------------
mydb=# create table brian (name varchar(20));
CREATE TABLE
mydb=# insert into brian values ('someones name');
INSERT 0 1
mydb=# select * from brian;
name
---------------
someones name
(1 row)
mydb=#
----------------
looks like 9.4 is working fine.
Brian Rockwell
2016-08-18 16:37:21 CEST
Whiteboard:
has_procedure =>
has_procedure mga5-32-ok mga5-64-ok
Dave Hodgins
2016-08-18 19:55:11 CEST
Keywords:
(none) =>
validated_update
An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGASA-2016-0289.html
Status:
NEW =>
RESOLVED |