An update for rh-postgresql94-postgresql is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a newer upstream version: rh-postgresql94-postgresql (9.4.9)

Security Fix(es):

* A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423)

* A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424)

Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Heikki Linnakangas as the original reporter of CVE-2016-5423; and Nathan Bossart as the original reporter of CVE-2016-5424.
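A catalog audit for the exposure described under CVE-2016-5424, as an added example that is not part of the Red Hat advisory: the first query lists database and role names containing any of the four characters named above, and the second lists non-superuser roles that hold CREATEDB or CREATEROLE. It assumes a psql session with read access to pg_database and pg_roles; the output column aliases are illustrative.

```sql
-- Added example, not from the advisory. Run in psql against the cluster
-- before a superuser next runs maintenance with the client programs.

-- 1. Database and role names containing a newline, carriage return,
--    double quote, or backslash. translate() with an empty replacement
--    strips those characters; a name that changes contains at least one.
SELECT 'database'        AS object_kind,
       d.datname::text   AS object_name,
       r.rolname::text   AS owner_name
FROM pg_database d
LEFT JOIN pg_roles r ON r.oid = d.datdba
WHERE translate(d.datname::text, E'\n\r"\\', '') <> d.datname::text
UNION ALL
SELECT 'role',
       r.rolname::text,
       NULL
FROM pg_roles r
WHERE translate(r.rolname::text, E'\n\r"\\', '') <> r.rolname::text
ORDER BY object_kind, object_name;

-- 2. Roles that can create databases or roles without already being
--    superuser: the population the advisory says could escalate.
SELECT rolname, rolcreatedb, rolcreaterole
FROM pg_roles
WHERE NOT rolsuper
  AND (rolcreatedb OR rolcreaterole)
ORDER BY rolname;
```

Any row from the first query is worth reviewing with the owning role before maintenance is run; the second query shows how widely the CREATEDB and CREATEROLE options have been granted.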
For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update.

Red Hat Software Collections 1 for RHEL 6

SRPMS:
rh-postgresql94-postgresql-9.4.9-1.el6.src.rpm

x86_64:
rh-postgresql94-postgresql-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-contrib-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-debuginfo-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-devel-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-docs-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-libs-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-plperl-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-plpython-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-pltcl-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-server-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-static-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-test-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-upgrade-9.4.9-1.el6.x86_64.rpm
 
Red Hat Software Collections 1 for RHEL 7

SRPMS:
rh-postgresql94-postgresql-9.4.9-1.el7.src.rpm

x86_64:
rh-postgresql94-postgresql-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-contrib-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-debuginfo-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-devel-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-docs-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-libs-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-plperl-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-plpython-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-pltcl-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-server-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-static-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-test-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-upgrade-9.4.9-1.el7.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

1364001 – CVE-2016-5423 postgresql: CASE/WHEN with inlining can cause untrusted pointer dereference
1364002 – CVE-2016-5424 postgresql: privilege escalation via crafted database and role names

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
