An update for rh-postgresql95-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a newer upstream version: rh-postgresql95-postgresql (9.5.4)

Security Fix(es):

* A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423)

* A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424)

Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Heikki Linnakangas as the original reporter of CVE-2016-5423; and Nathan Bossart as the original reporter of CVE-2016-5424.
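An added audit example, not part of the Red Hat advisory: two read-only catalog queries for the CVE-2016-5424 description above. The first lists existing database and role names that contain any of the four characters the advisory names; the second lists non-superuser roles holding the CREATEDB or CREATEROLE option. It assumes a session on the cluster being checked; the column aliases are illustrative.

```sql
-- Added example, not from the advisory. Read-only; it uses only the shared
-- catalogs pg_database and pg_roles, so one run covers the whole cluster.

-- 1. Database and role names containing a newline, carriage return,
--    double quote, or backslash (the characters named for CVE-2016-5424).
WITH names AS (
    SELECT 'database'::text AS kind, datname::text AS name FROM pg_database
    UNION ALL
    SELECT 'role'::text AS kind, rolname::text AS name FROM pg_roles
)
SELECT kind,
       name,
       strpos(name, chr(10)) > 0 AS has_newline,
       strpos(name, chr(13)) > 0 AS has_carriage_return,
       strpos(name, chr(34)) > 0 AS has_double_quote,
       strpos(name, chr(92)) > 0 AS has_backslash
FROM names
WHERE strpos(name, chr(10)) > 0
   OR strpos(name, chr(13)) > 0
   OR strpos(name, chr(34)) > 0
   OR strpos(name, chr(92)) > 0
ORDER BY kind, name;

-- 2. Non-superuser roles that hold CREATEDB or CREATEROLE, the options the
--    advisory says allow such names to be created.
SELECT rolname, rolcreatedb, rolcreaterole, rolcanlogin
FROM pg_roles
WHERE NOT rolsuper
  AND (rolcreatedb OR rolcreaterole)
ORDER BY rolname;
```

Any row from the first query is worth reviewing before a superuser next runs maintenance with client programs that have not yet been updated.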
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update.

Red Hat Software Collections 1 for RHEL 6

SRPMS:
rh-postgresql95-postgresql-9.5.4-1.el6.src.rpm

x86_64:
rh-postgresql95-postgresql-9.5.4-1.el6.x86_64.rpm
rh-postgresql95-postgresql-contrib-9.5.4-1.el6.x86_64.rpm
rh-postgresql95-postgresql-debuginfo-9.5.4-1.el6.x86_64.rpm
rh-postgresql95-postgresql-devel-9.5.4-1.el6.x86_64.rpm
rh-postgresql95-postgresql-docs-9.5.4-1.el6.x86_64.rpm
rh-postgresql95-postgresql-libs-9.5.4-1.el6.x86_64.rpm
rh-postgresql95-postgresql-plperl-9.5.4-1.el6.x86_64.rpm
rh-postgresql95-postgresql-plpython-9.5.4-1.el6.x86_64.rpm
rh-postgresql95-postgresql-pltcl-9.5.4-1.el6.x86_64.rpm
rh-postgresql95-postgresql-server-9.5.4-1.el6.x86_64.rpm
rh-postgresql95-postgresql-static-9.5.4-1.el6.x86_64.rpm
rh-postgresql95-postgresql-test-9.5.4-1.el6.x86_64.rpm
 
Red Hat Software Collections 1 for RHEL 7

SRPMS:
rh-postgresql95-postgresql-9.5.4-1.el7.src.rpm

x86_64:
rh-postgresql95-postgresql-9.5.4-1.el7.x86_64.rpm
rh-postgresql95-postgresql-contrib-9.5.4-1.el7.x86_64.rpm
rh-postgresql95-postgresql-debuginfo-9.5.4-1.el7.x86_64.rpm
rh-postgresql95-postgresql-devel-9.5.4-1.el7.x86_64.rpm
rh-postgresql95-postgresql-docs-9.5.4-1.el7.x86_64.rpm
rh-postgresql95-postgresql-libs-9.5.4-1.el7.x86_64.rpm
rh-postgresql95-postgresql-plperl-9.5.4-1.el7.x86_64.rpm
rh-postgresql95-postgresql-plpython-9.5.4-1.el7.x86_64.rpm
rh-postgresql95-postgresql-pltcl-9.5.4-1.el7.x86_64.rpm
rh-postgresql95-postgresql-server-9.5.4-1.el7.x86_64.rpm
rh-postgresql95-postgresql-static-9.5.4-1.el7.x86_64.rpm
rh-postgresql95-postgresql-test-9.5.4-1.el7.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

1364001 – CVE-2016-5423 postgresql: CASE/WHEN with inlining can cause untrusted pointer dereference
1364002 – CVE-2016-5424 postgresql: privilege escalation via crafted database and role names

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
