SB2017073109 - Red Hat update for PostgreSQL
Published: July 31, 2017 Updated: August 3, 2017
Security Bulletin ID
SB2017073109
Severity
Low
Patch available
YES
Number of vulnerabilities
3
Exploitation vector
Remote access
Highest impact
Data manipulation
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2017-7484)
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system. The weakness exists because some selectivity estimation functions in the query planner do not check user privileges before using statistics from pg_statistic, and those statistics can contain sample values (most common values, histogram bounds) taken from the table itself. A remote authenticated database user can issue a specially crafted query against a table they are not allowed to read, bypass the SELECT privilege check and learn some of its contents from the planner's use of the statistics. No memory corruption is involved; the leak is of table data via the statistics.
Successful exploitation of the vulnerability results in information disclosure.
2) Man-in-the-middle attack (CVE-ID: CVE-2017-7485)
The vulnerability allows a remote attacker to conduct a man-in-the-middle attack. The weakness exists because the libpq client library in the affected releases ignores the PGREQUIRESSL environment variable, so a client that relies on it to require an SSL/TLS connection to a PostgreSQL server silently accepts an unencrypted one. An attacker positioned on the network path can strip the SSL/TLS protection from a connection between a client and a server and read or modify the communicated data. Clients should set PGSSLMODE=require (or sslmode=require in the connection string; verify-ca or verify-full additionally authenticate the server) rather than rely on PGREQUIRESSL.
Successful exploitation of the vulnerability results in unauthorized disclosure and modification of data in transit.
3) Information disclosure (CVE-ID: CVE-2017-7486)
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system. The weakness exists because the pg_user_mappings view does not correctly qualify access to user-mapping options: it shows the umoptions column, which can include the password stored for the mapping, to any user with USAGE privilege on the associated foreign server rather than only to the mapping's own user or a superuser. A remote authenticated user with USAGE privilege on the foreign server can simply query the view and disclose foreign server passwords.
Successful exploitation of the vulnerability results in information disclosure.
Remediation
Install the updated packages from the vendor (Red Hat). Because Red Hat backports fixes without changing the upstream version number, confirm the fix by checking the package changelog for the CVE identifiers rather than by comparing version numbers alone. For CVE-2017-7486, also consider rotating foreign server passwords that non-superusers with USAGE on the server may have read from pg_user_mappings before the update.
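The following shell script, added here as an example and not part of the bulletin or of Red Hat's tooling, turns the three findings into local checks on an RPM-based host. It judges an installed version against the upstream minor releases that first carried the fixes (9.6.3, 9.5.7, 9.4.12, 9.3.17 and 9.2.21; an upstream fact not stated in the bulletin), greps the package changelog for the CVE identifiers because Red Hat backports fixes without bumping that version, classifies the client's TLS environment for CVE-2017-7485, and filters pg_user_mappings rows for CVE-2017-7486. The package name postgresql-server, the psql invocation and the sample mapping rows are assumptions (the rows are constructed, not real output); Software Collections packages use different names.

```shell
#!/bin/sh
# Added example for this bulletin (not Red Hat's or PostgreSQL's own tooling).
# Assumptions: RPM-based host, package name postgresql-server, psql on PATH.

# Upstream minor release that first carried the fixes for a major.minor branch.
# (9.2 is not affected by CVE-2017-7485; 9.2.21 carries the other two fixes.)
fixed_release() {
  case "$1" in
    9.6) echo 9.6.3 ;;
    9.5) echo 9.5.7 ;;
    9.4) echo 9.4.12 ;;
    9.3) echo 9.3.17 ;;
    9.2) echo 9.2.21 ;;
    *)   echo "" ;;
  esac
}

# version_ge A B: succeeds when dotted version A >= B, compared per component.
version_ge() {
  a="$1." b="$2."
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}
    y=${b%%.*}
    a=${a#*.}
    b=${b#*.}
    [ "${x:-0}" -gt "${y:-0}" ] && return 0
    [ "${x:-0}" -lt "${y:-0}" ] && return 1
  done
  return 0
}

# pg_vuln_by_version VERSION: "fixed", "vulnerable" or "unknown-branch", judged by
# upstream version alone. Red Hat backports fixes without bumping this number, so
# read "vulnerable" as "check the changelog", not as a verdict.
pg_vuln_by_version() {
  v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')   # 9.2.23-3.el7 -> 9.2.23
  need=$(fixed_release "${v%.*}")
  if [ -z "$need" ]; then echo unknown-branch
  elif version_ge "$v" "$need"; then echo fixed
  else echo vulnerable
  fi
}

# Authoritative on Red Hat: does the installed package's changelog cite the CVE?
changelog_mentions() {   # PACKAGE CVE-ID
  rpm -q --changelog "$1" 2>/dev/null | grep -q -- "$2"
}

# CVE-2017-7485: affected libpq ignores PGREQUIRESSL, so a client relying on it
# gets nothing. PGSSLMODE=require blocks SSL stripping; only verify-ca and
# verify-full additionally authenticate the server.
ssl_env_advice() {   # PGREQUIRESSL PGSSLMODE
  case "$2" in
    verify-ca|verify-full) echo enforced-verified ;;
    require)               echo enforced ;;
    *) if [ "$1" = "1" ]; then echo exposed; else echo none; fi ;;
  esac
}

# CVE-2017-7486: on a patched server a non-superuser sees NULL umoptions for
# mappings that are not their own. Feed "srvname|usename|umoptions" rows
# (psql -At output) on stdin; rows still exposing another user's options are printed.
leaked_mappings() {   # CURRENT_USER
  while IFS='|' read -r srv usr opts; do
    if [ -n "$opts" ] && [ "$usr" != "$1" ]; then echo "$srv|$usr|$opts"; fi
  done
}

# Constructed sample (not real output) of what an unpatched server shows role "alice".
SAMPLE_MAPPINGS='fdw_srv|alice|{user=alice_r,password=hunter2}
fdw_srv|bob|{user=bob_r,password=s3cret}
fdw_srv|public|'

main() {
  if rpm -q postgresql-server >/dev/null 2>&1; then
    ver=$(rpm -q --qf '%{VERSION}' postgresql-server)
    echo "postgresql-server $ver: by version $(pg_vuln_by_version "$ver")"
    for cve in CVE-2017-7484 CVE-2017-7485 CVE-2017-7486; do
      changelog_mentions postgresql-server "$cve" && echo "$cve: in changelog" || echo "$cve: not in changelog"
    done
  else
    echo "postgresql-server: not installed here; adjust the package name for your build"
  fi
  echo "client TLS env: $(ssl_env_advice "${PGREQUIRESSL:-}" "${PGSSLMODE:-}")"
  # Live check (assumed invocation, needs a server):
  #   psql -At -c "SELECT srvname, usename, umoptions FROM pg_user_mappings" | leaked_mappings "$PGUSER"
  echo "sample mappings exposed to alice:"
  printf '%s\n' "$SAMPLE_MAPPINGS" | leaked_mappings alice
}
main
```

Run it as the database role you want to audit; on a patched server the live pg_user_mappings query should print nothing for a non-superuser, and any row it does print names a mapping whose password that role can read.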