CVE-2017-15098 Ubuntu Security Notification for Postgresql-9.3, Postgresql-9.5, Postgresql-9.6 Vulnerabilities (USN-3479-1)

2017年11月20日 1027点热度 0人点赞 0条评论

漏洞类别：Ubuntu

漏洞等级：

漏洞信息

It was discovered that PostgreSQL incorrectly handled memory when processing certain JSON functions.

It was discovered that PostgreSQL incorrectly enforced SELECT privileges when processing INSERT ... ON CONFLICT DO UPDATE commands.

漏洞危害

A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2017-15098)

A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10.

解决方案

Refer to Ubuntu advisory USN-3479-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3479-1: 16.04 (Xenial) on src (postgresql-9.5)

USN-3479-1: 17.10 (artful) on src (postgresql-9.6)

USN-3479-1: 17.04 (zesty) on src (postgresql-9.6)

USN-3479-1: 14.04 (Kylin) on src (postgresql-9.3)

0daybank

CVE-2017-15098 Ubuntu Security Notification for Postgresql-9.3, Postgresql-9.5, Postgresql-9.6 Vulnerabilities (USN-3479-1)

文章评论