[gentoo-announce] [ GLSA 201710-06 ] PostgreSQL: Multiple vulnerabilities - gentoo-announce

From:	Aaron Bauman <bman@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 201710-06 ] PostgreSQL: Multiple vulnerabilities
Date:	Sun, 08 Oct 2017 13:57:18
Message-Id:	`1884468.DPRYnjYhRA@localhost.localdomain`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 201710-06

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                           https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Normal

8

    Title: PostgreSQL: Multiple vulnerabilities

9

     Date: October 08, 2017

10

     Bugs: #618462, #627462

11

       ID: 201710-06

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been found in PostgreSQL, the worst of

19

which could result in privilege escalation.

20

21

Background

22

==========

23

24

PostgreSQL is an open source object-relational database management

25

system.

26

27

Affected packages

28

=================

29

30

    -------------------------------------------------------------------

31

     Package              /     Vulnerable     /            Unaffected

32

    -------------------------------------------------------------------

33

  1  dev-db/postgresql            < 9.6.4                >= 9.6.4:9.6 

34

                                                         >= 9.5.8:9.5 

35

                                                        >= 9.4.13:9.4 

36

                                                        >= 9.3.18:9.3 

37

                                                        >= 9.2.22:9.2 

38

39

Description

40

===========

41

42

Multiple vulnerabilities have been discovered in PostgreSQL. Please

43

review the referenced CVE identifiers for details.

44

45

Impact

46

======

47

48

A remote attacker could escalate privileges, cause a Denial of Service

49

condition, obtain passwords, cause a loss in information, or obtain

50

sensitive information.

51

52

Workaround

53

==========

54

55

There is no known workaround at this time.

56

57

Resolution

58

==========

59

60

All PostgreSQL 9.6.x users should upgrade to the latest version:

61

62

  # emerge --sync

63

  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.6.4"

64

65

All PostgreSQL 9.5.x users should upgrade to the latest version:

66

67

  # emerge --sync

68

  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.5.8"

69

70

All PostgreSQL 9.4.x users should upgrade to the latest version:

71

72

  # emerge --sync

73

  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.4.13"

74

75

All PostgreSQL 9.3.x users should upgrade to the latest version:

76

77

  # emerge --sync

78

  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.3.18"

79

80

All PostgreSQL 9.2.x users should upgrade to the latest version:

81

82

  # emerge --sync

83

  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.2.22"

84

85

References

86

==========

87

88

[ 1 ] CVE-2017-7484

89

      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7484

90

[ 2 ] CVE-2017-7485

91

      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7485

92

[ 3 ] CVE-2017-7486

93

      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7486

94

[ 4 ] CVE-2017-7546

95

      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7546

96

[ 5 ] CVE-2017-7547

97

      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7547

98

[ 6 ] CVE-2017-7548

99

      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7548

100

101

Availability

102

============

103

104

This GLSA and any updates to it are available for viewing at

105

the Gentoo Security Website:

106

107

 https://security.gentoo.org/glsa/201710-06

108

109

Concerns?

110

=========

111

112

Security is a primary focus of Gentoo Linux and ensuring the

113

confidentiality and security of our users' machines is of utmost

114

importance to us. Any security concerns should be addressed to

115

security@g.o or alternatively, you may file a bug at

116

https://bugs.gentoo.org.

117

118

License

119

=======

120

121

Copyright 2017 Gentoo Foundation, Inc; referenced text

122

belongs to its owner(s).

123

124

The contents of this document are licensed under the

125

Creative Commons - Attribution / Share Alike license.

126

127

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 201710-06
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: PostgreSQL: Multiple vulnerabilities
9	Date: October 08, 2017
10	Bugs: #618462, #627462
11	ID: 201710-06
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been found in PostgreSQL, the worst of
19	which could result in privilege escalation.
20
21	Background
22	==========
23
24	PostgreSQL is an open source object-relational database management
25	system.
26
27	Affected packages
28	=================
29
30	-------------------------------------------------------------------
31	Package / Vulnerable / Unaffected
32	-------------------------------------------------------------------
33	1 dev-db/postgresql < 9.6.4 >= 9.6.4:9.6
34	>= 9.5.8:9.5
35	>= 9.4.13:9.4
36	>= 9.3.18:9.3
37	>= 9.2.22:9.2
38
39	Description
40	===========
41
42	Multiple vulnerabilities have been discovered in PostgreSQL. Please
43	review the referenced CVE identifiers for details.
44
45	Impact
46	======
47
48	A remote attacker could escalate privileges, cause a Denial of Service
49	condition, obtain passwords, cause a loss in information, or obtain
50	sensitive information.
51
52	Workaround
53	==========
54
55	There is no known workaround at this time.
56
57	Resolution
58	==========
59
60	All PostgreSQL 9.6.x users should upgrade to the latest version:
61
62	# emerge --sync
63	# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.6.4"
64
65	All PostgreSQL 9.5.x users should upgrade to the latest version:
66
67	# emerge --sync
68	# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.5.8"
69
70	All PostgreSQL 9.4.x users should upgrade to the latest version:
71
72	# emerge --sync
73	# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.4.13"
74
75	All PostgreSQL 9.3.x users should upgrade to the latest version:
76
77	# emerge --sync
78	# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.3.18"
79
80	All PostgreSQL 9.2.x users should upgrade to the latest version:
81
82	# emerge --sync
83	# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.2.22"
84
85	References
86	==========
87
88	[ 1 ] CVE-2017-7484
89	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7484
90	[ 2 ] CVE-2017-7485
91	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7485
92	[ 3 ] CVE-2017-7486
93	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7486
94	[ 4 ] CVE-2017-7546
95	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7546
96	[ 5 ] CVE-2017-7547
97	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7547
98	[ 6 ] CVE-2017-7548
99	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7548
100
101	Availability
102	============
103
104	This GLSA and any updates to it are available for viewing at
105	the Gentoo Security Website:
106
107	https://security.gentoo.org/glsa/201710-06
108
109	Concerns?
110	=========
111
112	Security is a primary focus of Gentoo Linux and ensuring the
113	confidentiality and security of our users' machines is of utmost
114	importance to us. Any security concerns should be addressed to
115	security@g.o or alternatively, you may file a bug at
116	https://bugs.gentoo.org.
117
118	License
119	=======
120
121	Copyright 2017 Gentoo Foundation, Inc; referenced text
122	belongs to its owner(s).
123
124	The contents of this document are licensed under the
125	Creative Commons - Attribution / Share Alike license.
126
127	http://creativecommons.org/licenses/by-sa/2.5