Arch Linux Security Advisory ASA-201502-4
========================================
Severity: High
Date    : 2015-02-06
CVE-ID  : CVE-2014-8161 CVE-2015-0241 CVE-2015-0243 CVE-2015-0244
Package : postgresql
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package postgresql before version 9.4.1-1 is vulnerable to multiple
issues, including information leak, denial of service, privilege
escalation and command injection.

Resolution
=========
Upgrade to 9.4.1-1.

# pacman -Syu "postgresql>=9.4.1-1"

The problem has been fixed upstream in version 9.4.1.

Workaround
=========
None.

Description
==========
- CVE-2014-8161 (information leak)

Some server error messages show the values of columns that violate a
constraint, such as a unique constraint. If the user does not have
SELECT privilege on all columns of the table, this could mean exposing
values that the user should not be able to see. Adjust the code so that
values are displayed only when they came from the SQL command or could
be selected by the user.

- CVE-2015-0241 (denial of service, privilege escalation)

When to_char() processes a numeric formatting template calling for a
large number of digits, PostgreSQL would read past the end of a buffer.
When processing a crafted timestamp formatting template, PostgreSQL
would write past the end of a buffer. Either case could crash the
server. We have not ruled out the possibility of attacks that lead to
privilege escalation, though they seem unlikely.

- CVE-2015-0243 (denial of service, privilege escalation)

Errors in memory size tracking within the pgcrypto module permitted
stack buffer overruns and improper dependence on the contents of
uninitialized memory. The buffer overrun cases can crash the server, and
we have not ruled out the possibility of attacks that lead to privilege
escalation.

- CVE-2015-0244 (command injection)

If any error occurred while the server was in the middle of reading a
protocol message from the client, it could lose synchronization and
incorrectly try to interpret part of the message's data as a new
protocol message. An attacker able to submit crafted binary data within
a command parameter might succeed in injecting his own SQL commands this
way. Statement timeout and query cancellation are the most likely
sources of errors triggering this scenario. Particularly vulnerable are
applications that use a timeout and also submit arbitrary user-crafted
data as binary query parameters. Disabling statement timeout will
reduce, but not eliminate, the risk of exploit. Our thanks to Emil
Lenngren for reporting this issue.


Impact
=====
A remote, authenticated attacker might be able to get access to
sensitive information, escalate privileges or cause a denial of service
by crashing the server. A remote attacker could inject arbitrary SQL
command by submitting crafted binary data within a command parameter.

References
=========
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8161
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0241
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0243
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0244
https://www.postgresql.org/docs/9.4/release-9-4-1.html

ArchLinux: 201502-4: postgresql: multiple issues

February 6, 2015

Summary

- CVE-2014-8161 (information leak) Some server error messages show the values of columns that violate a constraint, such as a unique constraint. If the user does not have SELECT privilege on all columns of the table, this could mean exposing values that the user should not be able to see. Adjust the code so that values are displayed only when they came from the SQL command or could be selected by the user.
- CVE-2015-0241 (denial of service, privilege escalation)
When to_char() processes a numeric formatting template calling for a large number of digits, PostgreSQL would read past the end of a buffer. When processing a crafted timestamp formatting template, PostgreSQL would write past the end of a buffer. Either case could crash the server. We have not ruled out the possibility of attacks that lead to privilege escalation, though they seem unlikely.
- CVE-2015-0243 (denial of service, privilege escalation)
Errors in memory size tracking within the pgcrypto module permitted stack buffer overruns and improper dependence on the contents of uninitialized memory. The buffer overrun cases can crash the server, and we have not ruled out the possibility of attacks that lead to privilege escalation.
- CVE-2015-0244 (command injection)
If any error occurred while the server was in the middle of reading a protocol message from the client, it could lose synchronization and incorrectly try to interpret part of the message's data as a new protocol message. An attacker able to submit crafted binary data within a command parameter might succeed in injecting his own SQL commands this way. Statement timeout and query cancellation are the most likely sources of errors triggering this scenario. Particularly vulnerable are applications that use a timeout and also submit arbitrary user-crafted data as binary query parameters. Disabling statement timeout will reduce, but not eliminate, the risk of exploit. Our thanks to Emil Lenngren for reporting this issue.

Resolution

Upgrade to 9.4.1-1. # pacman -Syu "postgresql>=9.4.1-1"
The problem has been fixed upstream in version 9.4.1.

References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8161 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0241 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0243 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0244 https://www.postgresql.org/docs/9.4/release-9-4-1.html

Severity
Package : postgresql
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/title/CVE

Workaround

None.

Related News

Parrot OS 6.3: Elevating Security with Enhanced Features & Tools
3 - 5 min read
Parrot OS 6.3 has just arrived , bringing crucial updates that security admins should note. This latest version of the popular secure Linux
Linux Kernel 6.14 Released: Top Security Features You Need to Know
3 - 6 min read
With the release of Linux kernel 6.14 , admins and Linux users have many new features and enhancements to look forward to - especially in the realm
Don
2 - 4 min read
Google recently issued a crucial Chrome update that those using a version of the browser prior to version 132.0.6834.110 should implement
Intel Brings Next-Level Security to Linux with Partner Security Engine
3 - 6 min read
Intel recently introduced a game-changer in hardware security with its new Partner Security Engine integrated into the Core Ultra Series 2. This
A Tiny Linux Kernel Tweak with Massive Implications for Datacenter Efficiency
3 - 6 min read
In a groundbreaking development, security researchers have introduced a small but mighty tweak to the Linux kernel that promises to cut data center
Best Practices for Securing Linux Systems Against Malicious Bots
3 - 6 min read
Linux systems have long been an indispensable asset to businesses and individuals alike. From running servers and cloud infrastructure to powering
Securing Open-Source Projects with Automated Testing on Linux
4 - 7 min read
Open-source project security testing focuses on many components, ensuring there are no safety vulnerabilities. These components include physical
KaOS Linux 2025.01: Merging Security with Practicality
3 - 6 min read
As the realm of Linux distribution expands, security admins find themselves faced with choosing a system that fits operational needs and upholds

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved