ArchLinux: 201908-7: postgresql-libs: multiple issues

    Date: 12 Aug 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package postgresql-libs before version 11.5-1 is vulnerable to multiple issues including access restriction bypass and information disclosure.
    Arch Linux Security Advisory ASA-201908-7
    =========================================
    
    Severity: Medium
    Date    : 2019-08-10
    CVE-ID  : CVE-2019-10208 CVE-2019-10209
    Package : postgresql-libs
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1019
    
    Summary
    =======
    
    The package postgresql-libs before version 11.5-1 is vulnerable to
    multiple issues including access restriction bypass and information
    disclosure.
    
    Resolution
    ==========
    
    Upgrade to 11.5-1.
    
    # pacman -Syu "postgresql-libs>=11.5-1"
    
    The problems have been fixed upstream in version 11.5.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-10208 (access restriction bypass)
    
    A security issue has been found in PostgreSQL < 11.5 where given a
    suitable SECURITY DEFINER function, an attacker can execute arbitrary
    SQL under the identity of the function owner. An attack requires
    EXECUTE permission on the function, which must itself contain a
    function call having inexact argument type match. For example,
    length('foo'::varchar) and length('foo') are inexact, while
    length('foo'::text) is exact. As part of exploiting this vulnerability,
    the attacker uses CREATE DOMAIN to create a type in a pg_temp schema.
    The attack pattern and fix are similar to that for CVE-2007-2138.
    
    - CVE-2019-10209 (information disclosure)
    
    An issue has been found in PostgreSQL >= 11.0 and < 11.5. In a database
    containing hypothetical, user-defined hash equality operators, an
    attacker could read arbitrary bytes of server memory. For an attack to
    become possible, a superuser would need to create unusual operators. It
    is possible for operators not purpose-crafted for attack to have the
    properties that enable an attack, but we are not aware of specific
    examples.
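
To scope exposure to CVE-2019-10208 on a server that has not yet been upgraded, the query below inventories the SECURITY DEFINER functions in the current database, the role each one runs as, and whether PUBLIC holds EXECUTE on it. It is an added example, not part of the advisory; the column aliases are illustrative, and it uses only standard PostgreSQL catalogs and functions.

```sql
-- Added example (not from the advisory): list user-defined SECURITY DEFINER
-- functions, which are the precondition named for CVE-2019-10208.
-- Run once per database; pg_proc is a per-database catalog.
SELECT
    current_setting('server_version')          AS server_version,   -- advisory: fixed upstream in 11.5
    n.nspname                                  AS schema_name,
    p.proname                                  AS function_name,
    pg_get_function_identity_arguments(p.oid)  AS arguments,
    pg_get_userbyid(p.proowner)                AS runs_as,           -- identity the body executes under
    r.rolsuper                                 AS owner_is_superuser,
    -- A NULL proacl means default privileges, which grant EXECUTE to PUBLIC;
    -- has_function_privilege() accounts for that case.
    has_function_privilege('public'::name, p.oid, 'EXECUTE')
                                               AS public_can_execute,
    p.proacl                                   AS acl,               -- explicit grants, if any
    p.proconfig                                AS function_settings  -- per-function SET options (informational)
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles     r ON r.oid = p.proowner
WHERE p.prosecdef                                   -- SECURITY DEFINER only
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY r.rolsuper DESC,                           -- superuser-owned functions first
         public_can_execute DESC,                   -- then those any role may call
         n.nspname,
         p.proname;
```

Rows with owner_is_superuser and public_can_execute both true are the ones to review first; the advisory lists no workaround, so the result is a prioritisation aid while the upgrade to 11.5-1 is scheduled.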
    
    Impact
    ======
    
    An authenticated attacker can read arbitrary bytes of server memory or
    execute arbitrary SQL commands under a different identity than its own.
    
    References
    ==========
    
    https://www.postgresql.org/about/news/1960/
    https://bugzilla.redhat.com/show_bug.cgi?id=1734416
    https://bugzilla.redhat.com/show_bug.cgi?id=1734447
    https://security.archlinux.org/CVE-2019-10208
    https://security.archlinux.org/CVE-2019-10209
    
    