ArchLinux: 201908-8: postgresql: multiple issues

    Date12 Aug 2019
    557
    Posted ByLinuxSecurity Advisories
    The package postgresql before version 11.5-1 is vulnerable to multiple issues including access restriction bypass and information disclosure.
    Arch Linux Security Advisory ASA-201908-8
    =========================================
    
    Severity: Medium
    Date    : 2019-08-10
    CVE-ID  : CVE-2019-10208 CVE-2019-10209
    Package : postgresql
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1019
    
    Summary
    =======
    
    The package postgresql before version 11.5-1 is vulnerable to multiple
    issues including access restriction bypass and information disclosure.
    
    Resolution
    ==========
    
    Upgrade to 11.5-1.
    
    # pacman -Syu "postgresql>=11.5-1"
    
    The problems have been fixed upstream in version 11.5.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-10208 (access restriction bypass)
    
    A security issue has been found in PostgreSQL < 11.5 where given a
    suitable SECURITY DEFINER function, an attacker can execute arbitrary
    SQL under the identity of the function owner. An attack requires
    EXECUTE permission on the function, which must itself contain a
    function call having inexact argument type match. For example,
    length('foo'::varchar) and length('foo') are inexact, while
    length('foo'::text) is exact. As part of exploiting this vulnerability,
    the attacker uses CREATE DOMAIN to create a type in a pg_temp schema.
    The attack pattern and fix are similar to that for CVE-2007-2138.
    
    - CVE-2019-10209 (information disclosure)
    
    An issue has been found in PostgreSQL >= 11.0 and < 11.5. In a database
    containing hypothetical, user-defined hash equality operators, an
    attacker could read arbitrary bytes of server memory. For an attack to
    become possible, a superuser would need to create unusual operators. It
    is possible for operators not purpose-crafted for attack to have the
    properties that enable an attack, but we are not aware of specific
    examples.
    
    Impact
    ======
    
    An authenticated attacker can read arbitrary bytes of server memory or
    execute arbitrary SQL commands under a different identity than its own.
    
    References
    ==========
    
    https://www.postgresql.org/about/news/1960/
    https://bugzilla.redhat.com/show_bug.cgi?id=1734416
    https://bugzilla.redhat.com/show_bug.cgi?id=1734447
    https://security.archlinux.org/CVE-2019-10208
    https://security.archlinux.org/CVE-2019-10209
    
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"53","type":"x","order":"1","pct":86.89,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"6","type":"x","order":"2","pct":9.84,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"2","type":"x","order":"3","pct":3.28,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.