ArchLinux: 201608-14: postgresql: multiple issues
Summary
- CVE-2016-5423 (arbitrary code execution)
It was discovered that certain SQL statements containing CASE/WHEN
commands could crash the PostgreSQL server, or disclose a few bytes of
server memory, potentially leading to arbitrary code execution.
- CVE-2016-5424 (privilege escalation)
It was found that PostgreSQL client programs mishandle database and role
names containing newlines, carriage returns, double quotes, or
backslashes. By crafting such an object name, roles with the CREATEDB or
CREATEROLE option could escalate their privileges to superuser when a
superuser next executes maintenance with a vulnerable program.
Vulnerable programs include pg_dumpall, pg_upgrade, vacuumdb, reindexdb,
and clusterdb.
Resolution
Upgrade to 9.5.4-1.
# pacman -Syu "postgresql>=9.5.4-1"
The problems have been fixed upstream in version 9.5.4.
References
https://www.postgresql.org/about/news/2016-08-11-security-update-release-1688/ https://access.redhat.com/security/cve/CVE-2016-5423 https://access.redhat.com/security/cve/CVE-2016-5424
Workaround
None.