{"id":"MGASA-2017-0428","summary":"Updated postgresql packages fix security vulnerabilities","details":"The startup log file for the postmaster (in newer releases, \"postgres\")\nprocess was opened while the process was still owned by root. With this\nsetup, the database owner could specify a file that they did not have\naccess to and cause the file to be corrupted with logged data\n(CVE-2017-12172).\n\nCrash due to rowtype mismatch in json{b}_populate_recordset(). These\nfunctions used the result rowtype specified in the FROM ... AS clause\nwithout checking that it matched the actual rowtype of the supplied\ntuple value. If it didn't, that would usually result in a crash, though\ndisclosure of server memory contents seems possible as well\n(CVE-2017-15098).\n\nThe \"INSERT ... ON CONFLICT DO UPDATE\" would not check to see if the\nexecuting user had permission to perform a \"SELECT\" on the index\nperforming the conflicting check. Additionally, in a table with\nrow-level security enabled, the \"INSERT ... ON CONFLICT DO UPDATE\" would\nnot check the SELECT policies for that table before performing the\nupdate (CVE-2017-15099).\n","modified":"2026-02-01T11:10:46.535084Z","published":"2017-11-29T18:52:42Z","related":["CVE-2017-12172","CVE-2017-15098","CVE-2017-15099"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0428.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22002"},{"type":"REPORT","url":"https://www.postgresql.org/docs/9.3/static/release-9-3-20.html"},{"type":"REPORT","url":"https://www.postgresql.org/docs/9.4/static/release-9-4-15.html"},{"type":"REPORT","url":"https://www.postgresql.org/docs/9.6/static/release-9-6-6.html"},{"type":"REPORT","url":"https://www.postgresql.org/about/news/1801/"},{"type":"REPORT","url":"https://www.debian.org/security/2017/dsa-4028"},{"type":"REPORT","url":"https://www.debian.org/security/2017/dsa-4027"}],"affected":[{"package":{"name":"postgresql9.3","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/postgresql9.3?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.3.20-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0428.json"}},{"package":{"name":"postgresql9.4","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/postgresql9.4?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.4.15-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0428.json"}},{"package":{"name":"postgresql9.4","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/postgresql9.4?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.4.15-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0428.json"}},{"package":{"name":"postgresql9.6","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/postgresql9.6?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.6.6-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0428.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}