An update for postgresql92-postgresql is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a newer upstream version: postgresql92-postgresql (9.2.18)

Security Fix(es):

* A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423)

* A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424)

Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Heikki Linnakangas as the original reporter of CVE-2016-5423; and Nathan Bossart as the original reporter of CVE-2016-5424.
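An added example, not part of the Red Hat advisory: a pre-maintenance check for CVE-2016-5424 that flags database and role names containing the characters the advisory lists. The function names and sample rows are constructed for illustration; the two queries read the standard pg_database and pg_roles catalogs.

```python
# Added example: audit object names for the characters named in CVE-2016-5424
# (newline, carriage return, double quote, backslash).

# Query a DBA could run to collect the (kind, name) rows audited below.
CATALOG_QUERY = """
SELECT 'database' AS kind, datname AS name FROM pg_database
UNION ALL
SELECT 'role', rolname FROM pg_roles
"""

# Non-superuser roles holding the options the advisory says are required
# to create such names; useful when reviewing who could have made a finding.
CREATOR_QUERY = """
SELECT rolname FROM pg_roles
WHERE (rolcreatedb OR rolcreaterole) AND NOT rolsuper
"""

RISKY = {"\n": "newline", "\r": "carriage return",
         '"': "double quote", "\\": "backslash"}

def risky_characters(name):
    """Return sorted labels of the advisory-listed characters present in name."""
    return sorted({label for ch, label in RISKY.items() if ch in name})

def audit(rows):
    """rows: iterable of (kind, name). Returns one finding per flagged name.

    Names are reported with repr() so control characters stay visible and
    cannot reshape the report (a raw newline would split a log line).
    """
    findings = []
    for kind, name in rows:
        hits = risky_characters(name)
        if hits:
            findings.append({"kind": kind, "name": repr(name), "characters": hits})
    return findings

# Constructed sample rows, not taken from any real server.
SAMPLE_ROWS = [
    ("database", "postgres"), ("database", "sales\n2016"),
    ("role", "app_reader"), ("role", 'qa"team'),
    ("database", "tmp\\old"), ("role", "ops\r"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_ROWS):
        print(f"{f['kind']:8} {f['name']:16} {', '.join(f['characters'])}")
```

Any finding is worth reviewing before a superuser runs client-side maintenance tools from a package older than the fixed version named in this advisory.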
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update.

Red Hat Software Collections 1 for RHEL 6

SRPMS:
postgresql92-postgresql-9.2.18-1.el6.src.rpm
 
x86_64:
postgresql92-postgresql-9.2.18-1.el6.x86_64.rpm
postgresql92-postgresql-contrib-9.2.18-1.el6.x86_64.rpm
postgresql92-postgresql-debuginfo-9.2.18-1.el6.x86_64.rpm
postgresql92-postgresql-devel-9.2.18-1.el6.x86_64.rpm
postgresql92-postgresql-docs-9.2.18-1.el6.x86_64.rpm
postgresql92-postgresql-libs-9.2.18-1.el6.x86_64.rpm
postgresql92-postgresql-plperl-9.2.18-1.el6.x86_64.rpm
postgresql92-postgresql-plpython-9.2.18-1.el6.x86_64.rpm
postgresql92-postgresql-pltcl-9.2.18-1.el6.x86_64.rpm
postgresql92-postgresql-server-9.2.18-1.el6.x86_64.rpm
postgresql92-postgresql-test-9.2.18-1.el6.x86_64.rpm
postgresql92-postgresql-upgrade-9.2.18-1.el6.x86_64.rpm
 
Red Hat Software Collections 1 for RHEL 7

SRPMS:
postgresql92-postgresql-9.2.18-1.el7.src.rpm
 
x86_64:
postgresql92-postgresql-9.2.18-1.el7.x86_64.rpm
postgresql92-postgresql-contrib-9.2.18-1.el7.x86_64.rpm
postgresql92-postgresql-debuginfo-9.2.18-1.el7.x86_64.rpm
postgresql92-postgresql-devel-9.2.18-1.el7.x86_64.rpm
postgresql92-postgresql-docs-9.2.18-1.el7.x86_64.rpm
postgresql92-postgresql-libs-9.2.18-1.el7.x86_64.rpm
postgresql92-postgresql-plperl-9.2.18-1.el7.x86_64.rpm
postgresql92-postgresql-plpython-9.2.18-1.el7.x86_64.rpm
postgresql92-postgresql-pltcl-9.2.18-1.el7.x86_64.rpm
postgresql92-postgresql-server-9.2.18-1.el7.x86_64.rpm
postgresql92-postgresql-test-9.2.18-1.el7.x86_64.rpm
postgresql92-postgresql-upgrade-9.2.18-1.el7.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

1364001 – CVE-2016-5423 postgresql: CASE/WHEN with inlining can cause untrusted pointer dereference
1364002 – CVE-2016-5424 postgresql: privilege escalation via crafted database and role names

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
