Bugzilla – Bug 993453
VUL-0: CVE-2016-5424 : postgresql: privilege escalation via crafted database and role names
Last modified: 2018-11-07 16:28:43 UTC
rh#1364002

It was found that PostgreSQL client programs mishandle database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable program. Vulnerable programs include pg_dumpall, pg_upgrade, vacuumdb, reindexdb, and clusterdb.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1364002
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5424
http://www.debian.org/security/2016/dsa-3646
Upstream patch: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=fcd15f13581f6d75c63d213220d5a94889206c1b
Affected versions: 9.5, 9.4, 9.3, 9.2, 9.1
Upstream fixed in: 9.5.4, 9.4.9, 9.3.14, 9.2.18, 9.1.23
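An audit check for the condition described above, added here as an example (it is not code from this bug report or from the PostgreSQL project). It flags database and role names containing the four character classes named in the advisory and compares a client version string against the fixed releases listed above. The function names and sample names are assumptions constructed for illustration; real input would be the `datname` column of `pg_database` and the `rolname` column of `pg_roles`.

```python
import re

# Characters the advisory says vulnerable client programs mishandle in names.
RISKY_CHARS = {"\n": "newline", "\r": "carriage return",
               '"': "double quote", "\\": "backslash"}

# First fixed minor release per affected branch, as listed in this report.
FIXED_IN = {(9, 1): 23, (9, 2): 18, (9, 3): 14, (9, 4): 9, (9, 5): 4}


def client_is_vulnerable(version):
    """True/False for a branch listed in the report, None if the branch
    is not listed or the string has no x.y.z version in it."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    fixed = FIXED_IN.get((major, minor))
    return None if fixed is None else patch < fixed


def risky_chars(name):
    """Sorted labels of the risky character classes present in a name."""
    return sorted({RISKY_CHARS[c] for c in name if c in RISKY_CHARS})


def audit(names, client_version):
    """names: iterable of (kind, name) pairs, kind is 'database' or 'role'.
    Returns one finding per name that contains a risky character."""
    vulnerable = client_is_vulnerable(client_version)
    findings = []
    for kind, name in names:
        hits = risky_chars(name)
        if hits:
            findings.append({"kind": kind, "name": repr(name),
                             "chars": hits, "client_vulnerable": vulnerable})
    return findings


# Constructed sample input, not taken from any real cluster.
SAMPLE = [("database", "sales"), ("database", 'x" y'),
          ("role", "audit\nrole"), ("role", "back\\slash")]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "vacuumdb (PostgreSQL) 9.4.8"):
        print(finding)
```

A finding with `client_vulnerable` set to `True` means the maintenance programs of that version should not be run as superuser against the cluster until the client packages are updated.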
Packages were submitted to 13.2, SLE11-SP1 and SLE12 by Fabian Weiss, but for some reason the automatism that normally posts them here does not work.
SUSE-SU-2016:2414-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 973660,993453,993454
CVE References: CVE-2016-5423,CVE-2016-5424
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src): postgresql93-9.3.14-19.2
SUSE Linux Enterprise Server 12-LTSS (src): postgresql93-9.3.14-19.2

SUSE-SU-2016:2415-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 973660,993453,993454
CVE References: CVE-2016-5423,CVE-2016-5424
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): postgresql94-libs-9.4.9-14.1
SUSE Linux Enterprise Server 12-SP1 (src): postgresql94-9.4.9-14.1, postgresql94-libs-9.4.9-14.1
SUSE Linux Enterprise Desktop 12-SP1 (src): postgresql94-9.4.9-14.1, postgresql94-libs-9.4.9-14.1

SUSE-SU-2016:2418-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 993453,993454
CVE References: CVE-2016-5423,CVE-2016-5424
Sources used:
SUSE Manager 2.1 (src): postgresql94-9.4.9-0.19.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): postgresql94-libs-9.4.9-0.19.1
SUSE Linux Enterprise Server 11-SP4 (src): postgresql94-9.4.9-0.19.1, postgresql94-libs-9.4.9-0.19.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): postgresql94-9.4.9-0.19.1, postgresql94-libs-9.4.9-0.19.1

openSUSE-SU-2016:2425-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 993453,993454
CVE References: CVE-2016-5423,CVE-2016-5424
Sources used:
openSUSE 13.2 (src): postgresql93-9.3.14-2.13.1, postgresql93-libs-9.3.14-2.13.1

openSUSE-SU-2016:2464-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 973660,993453,993454
CVE References: CVE-2016-5423,CVE-2016-5424
Sources used:
openSUSE Leap 42.1 (src): postgresql94-9.4.9-7.1, postgresql94-libs-9.4.9-7.1

openSUSE-SU-2017:1021-1: An update that solves two vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 1029547,973660,993453,993454
CVE References: CVE-2016-5423,CVE-2016-5424
Sources used:
openSUSE Leap 42.2 (src): postgresql93-9.3.14-5.5.1, postgresql93-libs-9.3.14-5.5.1
openSUSE Leap 42.1 (src): postgresql93-9.3.14-8.1, postgresql93-libs-9.3.14-8.1