Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.

redhat RHSA-2018:2566: RHSA-2018:2566: rh-postgresql96-postgresql security update (Important)

redhat RHSA-2018:2511: RHSA-2018:2511: rh-postgresql95-postgresql security update (Important)

According to its self-reported version number, the remote Junos Space version is prior to 17.2R1. It is, therefore, affected by multiple vulnerabilities.

This update for postgresql95 fixes the following issues :

Upate to PostgreSQL 9.5.11 :

Security issues fixed :

  - https://www.postgresql.org/docs/9.5/static/release-9-5-11.html 

  - CVE-2018-1053, boo#1077983: Ensure that all temporary     files made by pg_upgrade are non-world-readable. 

  - boo#1079757: Rename pg_rewind's copy_file_range function     to avoid conflict with new Linux system call of that     name.

In version 9.5.10 :

  - https://www.postgresql.org/docs/9.5/static/release-9-5-10.html

  - CVE-2017-15098, boo#1067844: Memory disclosure in JSON     functions.

  - CVE-2017-15099, boo#1067841: INSERT ... ON CONFLICT DO     UPDATE fails to enforce SELECT privileges.

In version 9.5.9 :

  - https://www.postgresql.org/docs/9.5/static/release-9-5-9.html

  - Show foreign tables in     information_schema.table_privileges view.

  - Clean up handling of a fatal exit (e.g., due to receipt     of SIGTERM) that occurs while trying to execute a     ROLLBACK of a failed transaction.

  - Remove assertion that could trigger during a fatal exit.

  - Correctly identify columns that are of a range type or     domain type over a composite type or domain type being     searched for.

  - Fix crash in pg_restore when using parallel mode and     using a list file to select a subset of items to     restore.

  - Change ecpg's parser to allow RETURNING clauses without     attached C variables.

In version 9.5.8

  - https://www.postgresql.org/docs/9.5/static/release-9-5-8.html

  - CVE-2017-7547, boo#1051685: Further restrict visibility     of pg_user_mappings.umoptions, to protect passwords     stored as user mapping options.

  - CVE-2017-7546, boo#1051684: Disallow empty passwords in     all password-based authentication methods.

  - CVE-2017-7548, boo#1053259: lo_put() function ignores     ACLs.

This update for postgresql94 fixes the following issues :

Security issues fixed :

  - CVE-2017-15098: Fix crash due to rowtype mismatch in     json(b)_populate_recordset() (bsc#1067844).

  - CVE-2017-12172: Start scripts permit database     administrator to modify root-owned files. This issue did     not affect SUSE (bsc#1062538).

Bug fixes :

  - Update to version 9.4.15

  - https://www.postgresql.org/docs/9.4/static/release-9-4-15.html

  - https://www.postgresql.org/docs/9.4/static/release-9-4-14.html

This update was imported from the SUSE:SLE-12:Update update project.

This update for postgresql94 fixes the following issues: Security issues fixed :

  - CVE-2017-15098: Fix crash due to rowtype mismatch in     json{b}_populate_recordset() (bsc#1067844).

  - CVE-2017-12172: Start scripts permit database     administrator to modify root-owned files. This issue did     not affect SUSE (bsc#1062538). Bug fixes :

  - Update to version 9.4.15

  - https://www.postgresql.org/docs/9.4/static/release-9-4-15.html

  - https://www.postgresql.org/docs/9.4/static/release-9-4-14.html

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for postgresql96 fixes the following issues: Security issues fixed :

  - CVE-2017-15098: Fix crash due to rowtype mismatch in     json{b}_populate_recordset() (bsc#1067844).

  - CVE-2017-15099: Ensure that INSERT ... ON CONFLICT DO     UPDATE checks table permissions and RLS policies in all     cases (bsc#1067841). Bug fixes :

  - Update to version 9.6.6 :

  - https://www.postgresql.org/docs/9.6/static/release-9-6-6.html

  - https://www.postgresql.org/docs/9.6/static/release-9-6-5.html

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for postgresql96 fixes the following issues :

Security issues fixed :

  - CVE-2017-15098: Fix crash due to rowtype mismatch in     json(b)_populate_recordset() (bsc#1067844).

  - CVE-2017-15099: Ensure that INSERT ... ON CONFLICT DO     UPDATE checks table permissions and RLS policies in all     cases (bsc#1067841).

Bug fixes :

  - Update to version 9.6.6 :

  - https://www.postgresql.org/docs/9.6/static/release-9-6-6.html

  - https://www.postgresql.org/docs/9.6/static/release-9-6-5.html

This update was imported from the SUSE:SLE-12:Update update project.

Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.( CVE-2017-12172)

Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL can crash the server or disclose a few bytes of server memory.(CVE-2017-15098)

Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.(CVE-2017-12172)

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.(CVE-2017-15099)

Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL can crash the server or disclose a few bytes of server memory.(CVE-2017-15098)

The version of PostgreSQL installed on the remote host is 9.2.x prior to 9.2.24, 9.3.x prior to 9.3.20, 9.4.x prior to 9.4.15, 9.5.x prior to 9.5.10, 9.6.x prior to 9.6.6, or 10.x prior to 10.1. It is, therefore, affected by multiple vulnerabilities including a denial of service attack.

David Rowley discovered that PostgreSQL incorrectly handled memory when processing certain JSON functions. A remote attacker could possibly use this issue to obtain sensitive information.
(CVE-2017-15098)

Dean Rasheed discovered that PostgreSQL incorrectly enforced SELECT privileges when processing INSERT ... ON CONFLICT DO UPDATE commands.
A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The PostgreSQL project reports :

- CVE-2017-15098: Memory disclosure in JSON functions

- CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges

Several vulnerabilities have been found in the PostgreSQL database system :

  - CVE-2017-15098     Denial of service and potential memory disclosure in the     json_populate_recordset() and jsonb_populate_recordset()     functions

  - CVE-2017-15099     Insufficient permissions checks in 'INSERT ... ON     CONFLICT DO UPDATE' statements.

A vulnerabilitiy has been found in the PostgreSQL database system:
Denial of service and potential memory disclosure in the json_populate_recordset() and jsonb_populate_recordset() functions.

ID	Name	Product	Family	Severity
108520	Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838)	Nessus	Junos Local Security Checks	critical
106965	openSUSE Security Update : postgresql95 (openSUSE-2018-204)	Nessus	SuSE Local Security Checks	critical
106067	openSUSE Security Update : postgresql94 (openSUSE-2018-38)	Nessus	SuSE Local Security Checks	high
106049	SUSE SLED12 / SLES12 Security Update : postgresql94 (SUSE-SU-2018:0081-1)	Nessus	SuSE Local Security Checks	high
106047	SUSE SLES11 Security Update : postgresql94 (SUSE-SU-2018:0077-1)	Nessus	SuSE Local Security Checks	high
105458	SUSE SLED12 / SLES12 Security Update : postgresql96 (SUSE-SU-2017:3391-1)	Nessus	SuSE Local Security Checks	high
105454	openSUSE Security Update : postgresql96 (openSUSE-2017-1411)	Nessus	SuSE Local Security Checks	high
105055	Amazon Linux AMI : postgresql92 / postgresql93,postgresql94 (ALAS-2017-931)	Nessus	Amazon Linux Local Security Checks	high
105054	Amazon Linux AMI : postgresql95 / postgresql96 (ALAS-2017-930)	Nessus	Amazon Linux Local Security Checks	high
104574	PostgreSQL 9.2.x < 9.2.24 / 9.3.x < 9.3.20 / 9.4.x < 9.4.15 / 9.5.x < 9.5.10 / 9.6.x < 9.6.6 / 10.x < 10.1 Multiple Vulnerabilities	Nessus	Databases	medium
104569	Ubuntu 14.04 LTS / 16.04 LTS : PostgreSQL vulnerabilities (USN-3479-1)	Nessus	Ubuntu Local Security Checks	high
104489	FreeBSD : PostgreSQL vulnerabilities (1f02af5d-c566-11e7-a12d-6cc21735f730)	Nessus	FreeBSD Local Security Checks	high
104484	Debian DSA-4028-1 : postgresql-9.6 - security update	Nessus	Debian Local Security Checks	high
104483	Debian DSA-4027-1 : postgresql-9.4 - security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2017-15098

high

Tenable Plugins

Coming Soon

critical

critical

high

high

high

high

high

high

high

medium

high

high

high

high