Arch Linux alert ASA-201709-2 (postgresql)
From: Levente Polyak <anthraxx@archlinux.org>
To: arch-security@archlinux.org
Subject: [arch-security] [ASA-201709-2] postgresql: multiple issues
Date: Wed, 6 Sep 2017 22:37:40 +0200
Message-ID: <e761e027-1947-4f4a-6ee2-e39df899069b@archlinux.org>

Arch Linux Security Advisory ASA-201709-2
=========================================

Severity: High
Date    : 2017-09-06
CVE-ID  : CVE-2017-7546 CVE-2017-7547 CVE-2017-7548
Package : postgresql
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-381

Summary
=======

The package postgresql before version 9.6.4-1 is vulnerable to multiple
issues including information disclosure, access restriction bypass and
authentication bypass.

Resolution
==========

Upgrade to 9.6.4-1.

# pacman -Syu "postgresql>=9.6.4-1"

The problems have been fixed upstream in version 9.6.4.

Workaround
==========

None.

Description
===========

- CVE-2017-7546 (authentication bypass)

It was found that authenticating to a PostgreSQL database account with
an empty password was possible despite libpq's refusal to send an empty
password. A remote attacker could potentially use this flaw to gain
access to database accounts with empty passwords.

- CVE-2017-7547 (information disclosure)

An authorization flaw was found in the way PostgreSQL handled access to
the pg_user_mappings view on foreign servers. A remote authenticated
attacker could potentially use this flaw to retrieve passwords from the
user mappings defined by the foreign server owners without actually
having the privileges to do so.

- CVE-2017-7548 (access restriction bypass)

An authorization flaw was found in the way PostgreSQL handled large
objects. A remote authenticated attacker with no privileges on a large
object could potentially use this flaw to overwrite the entire content
of the object, thus resulting in denial of service.

Impact
======

A remote unauthenticated attacker is able to gain access to database
accounts with empty passwords. Additionally a remote authenticated user
may be able to perform a denial of service attack or retrieve passwords
from the user mappings.

References
==========

https://www.postgresql.org/about/news/1772/
https://github.com/postgres/postgres/commit/d5d46d99ba47f
https://github.com/postgres/postgres/commit/b6e39ca92eeee4
https://github.com/postgres/postgres/commit/f1cda6d6cbb2
https://security.archlinux.org/CVE-2017-7546
https://security.archlinux.org/CVE-2017-7547
https://security.archlinux.org/CVE-2017-7548
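
An audit for the condition behind CVE-2017-7546, as an added example that is not part of the advisory: it flags roles whose stored password is the empty string, given (rolname, rolpassword) rows exported from pg_authid. The function names and sample rows are constructed for illustration, and the check assumes the storage formats used by 9.6 (plaintext, or "md5" followed by md5 of password plus role name).

```python
import hashlib


def md5_verifier(password: str, rolname: str) -> str:
    """PostgreSQL's MD5 storage format: 'md5' + md5(password || rolname)."""
    digest = hashlib.md5((password + rolname).encode("utf-8")).hexdigest()
    return "md5" + digest


def roles_with_empty_password(rows):
    """Return the names of roles whose stored password is the empty string.

    rows: iterable of (rolname, rolpassword) pairs, for example the result of
        SELECT rolname, rolpassword FROM pg_authid;   -- superuser only
    A rolpassword of None (SQL NULL) means no password is set; such a role
    cannot pass password authentication and is not flagged.
    """
    flagged = []
    for rolname, rolpassword in rows:
        if rolpassword is None:
            continue
        # Plaintext storage (password_encryption = off) keeps '' as-is;
        # MD5 storage salts with the role name, so the value is per-role.
        if rolpassword == "" or rolpassword == md5_verifier("", rolname):
            flagged.append(rolname)
    return flagged


# Constructed sample rows, not taken from any real cluster.
SAMPLE_ROWS = [
    ("postgres", md5_verifier("correct horse battery", "postgres")),
    ("reporting", md5_verifier("", "reporting")),  # empty password, MD5 form
    ("legacy_app", ""),                            # empty password, plaintext
    ("nologin_role", None),                        # no password set
]

if __name__ == "__main__":
    for name in roles_with_empty_password(SAMPLE_ROWS):
        print(f"{name}: empty password stored, exposed to CVE-2017-7546")
```

Roles it reports can be given a real password or have the password cleared with ALTER ROLE ... PASSWORD NULL, alongside the upgrade to 9.6.4-1.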
