postgresql (SL7)

Synopsis: Moderate: postgresql security update
Advisory ID: SLSA-2017:3402-1
Issue Date: 2017-12-19
CVE Numbers: CVE-2017-12172, CVE-2017-15097

Security Fix(es):

* Privilege escalation flaws were found in the initialization scripts of
PostgreSQL. An attacker with access to the postgres user account could use
these flaws to obtain root access on the server machine. (CVE-2017-12172,
CVE-2017-15097)

Note: This patch drops the script privileges from root to the postgres
user. Therefore, this update works properly only if the postgres user has
write access to its own home directory, as it does in the default
configuration (/var/lib/pgsql).
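
One way to verify the condition in the Note before applying the update, as
an added example that is not part of the advisory or of the postgresql
packages. The function name pg_home_writable is hypothetical, and the check
assumes GNU stat and a passwd(5)-format account database.

```shell
#!/bin/sh
# Added example (not part of the advisory): pre-update check for the Note's
# condition that the postgres account can write to its home directory.
# Assumes GNU stat (coreutils) and a passwd(5)-format account database.
# Judges access from numeric owner/group and mode bits only; supplementary
# groups, ACLs, SELinux and read-only mounts are not considered.

# usage: pg_home_writable USER [PASSWD_FILE]
# returns 0 = writable, 1 = not writable or missing, 2 = unknown user
pg_home_writable() {
    user=$1
    db=${2:-/etc/passwd}

    # Fields 3, 4 and 6 of the passwd entry: uid, primary gid, home directory.
    entry=$(awk -F: -v u="$user" '$1 == u { print $3 ":" $4 ":" $6; exit }' "$db")
    [ -n "$entry" ] || { echo "no passwd entry for $user" >&2; return 2; }
    uid=${entry%%:*}
    rest=${entry#*:}
    gid=${rest%%:*}
    home=${rest#*:}

    [ -d "$home" ] || { echo "$home: not a directory" >&2; return 1; }

    # Owner uid, group gid and octal mode of the home directory.
    set -- $(stat -c '%u %g %a' "$home")
    [ $# -eq 3 ] || { echo "$home: cannot stat" >&2; return 1; }
    mode=$((0$3))

    # Pick the permission class the kernel would apply to this account:
    # owner first, then group, then other. Creating files in a directory
    # needs both write (w) and search (x) in that class.
    if [ "$1" = "$uid" ]; then
        need=$((0300))
    elif [ "$2" = "$gid" ]; then
        need=$((0030))
    else
        need=$((0003))
    fi

    if [ $((mode & need)) -eq "$need" ]; then
        echo "$home: writable by $user (mode $3)"
    else
        echo "$home: NOT writable by $user (mode $3, owner uid $1)" >&2
        return 1
    fi
}

# Typical call before applying the update:  pg_home_writable postgres
```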

SL7
x86_64
postgresql-debuginfo-9.2.23-3.el7_4.i686.rpm
postgresql-debuginfo-9.2.23-3.el7_4.x86_64.rpm
postgresql-libs-9.2.23-3.el7_4.i686.rpm
postgresql-libs-9.2.23-3.el7_4.x86_64.rpm
postgresql-9.2.23-3.el7_4.i686.rpm
postgresql-9.2.23-3.el7_4.x86_64.rpm
postgresql-contrib-9.2.23-3.el7_4.x86_64.rpm
postgresql-devel-9.2.23-3.el7_4.i686.rpm
postgresql-devel-9.2.23-3.el7_4.x86_64.rpm
postgresql-docs-9.2.23-3.el7_4.x86_64.rpm
postgresql-plperl-9.2.23-3.el7_4.x86_64.rpm
postgresql-plpython-9.2.23-3.el7_4.x86_64.rpm
postgresql-pltcl-9.2.23-3.el7_4.x86_64.rpm
postgresql-server-9.2.23-3.el7_4.x86_64.rpm
postgresql-static-9.2.23-3.el7_4.i686.rpm
postgresql-static-9.2.23-3.el7_4.x86_64.rpm
postgresql-test-9.2.23-3.el7_4.x86_64.rpm
postgresql-upgrade-9.2.23-3.el7_4.x86_64.rpm
postgresql-9.2.23-3.el7_4.src.rpm

– Scientific Linux Development Team