ALAS-2018-990

Related Vulnerabilities: CVE-2018-1058  



Amazon Linux AMI Security Advisory: ALAS-2018-990
Advisory Release Date: 2018-04-05 16:55 Pacific
Advisory Updated Date: 2018-04-05 23:16 Pacific
Severity: Medium
References: CVE-2018-1058 

Issue Overview:

Uncontrolled search path element in pg_dump and other client applications
A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. (CVE-2018-1058)


Affected Packages:

postgresql93, postgresql94, postgresql95, postgresql96


Issue Correction:
Run yum update postgresql93 to update your system.
Run yum update postgresql94 to update your system.
Run yum update postgresql95 to update your system.
Run yum update postgresql96 to update your system.
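
To confirm the update took effect, the following added example (not part of the original advisory) compares installed package versions against the fixed builds listed under New Packages. The function names and the sample input are constructed for illustration, and GNU sort -V stands in for RPM's own version comparison.

```bash
#!/usr/bin/env bash
# Added example: check installed PostgreSQL packages against the fixed
# builds listed under "New Packages" in ALAS-2018-990.

# Fixed version-release per package family, copied from the advisory.
fixed_for() {
  case "$1" in
    postgresql93*) echo "9.3.22-1.70.amzn1" ;;
    postgresql94*) echo "9.4.17-1.74.amzn1" ;;
    postgresql95*) echo "9.5.12-1.78.amzn1" ;;
    postgresql96*) echo "9.6.8-1.80.amzn1" ;;
    *) return 1 ;;
  esac
}

# ver_ge A B: succeeds when A >= B. GNU `sort -V` approximates RPM's
# comparison and is adequate for these dotted numeric strings (no epochs).
ver_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Reads "name version-release" lines on stdin, prints one verdict per line,
# and returns non-zero if any affected package is older than the fix.
check_alas_2018_990() {
  rc=0
  while read -r name vr; do
    [ -n "$name" ] || continue
    if ! fixed=$(fixed_for "$name"); then
      echo "SKIP $name (not covered by this advisory)"
    elif ver_ge "$vr" "$fixed"; then
      echo "OK $name $vr"
    else
      echo "VULNERABLE $name $vr (need >= $fixed)"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample input (not from a real host). On a live system use:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'postgresql9*'
sample='postgresql96-server 9.6.6-1.79.amzn1
postgresql96-libs 9.6.8-1.80.amzn1
postgresql95 9.5.12-1.78.amzn1
postgresql93-contrib 9.3.20-1.69.amzn1
postgresql92 9.2.24-1.66.amzn1'

printf '%s\n' "$sample" | check_alas_2018_990 || true
```

The non-zero return status makes the check usable as a gate in configuration management or a patch-compliance job.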

New Packages:
i686:
    postgresql96-test-9.6.8-1.80.amzn1.i686
    postgresql96-plpython27-9.6.8-1.80.amzn1.i686
    postgresql96-contrib-9.6.8-1.80.amzn1.i686
    postgresql96-plperl-9.6.8-1.80.amzn1.i686
    postgresql96-server-9.6.8-1.80.amzn1.i686
    postgresql96-static-9.6.8-1.80.amzn1.i686
    postgresql96-9.6.8-1.80.amzn1.i686
    postgresql96-debuginfo-9.6.8-1.80.amzn1.i686
    postgresql96-devel-9.6.8-1.80.amzn1.i686
    postgresql96-docs-9.6.8-1.80.amzn1.i686
    postgresql96-libs-9.6.8-1.80.amzn1.i686
    postgresql96-plpython26-9.6.8-1.80.amzn1.i686
    postgresql95-plpython27-9.5.12-1.78.amzn1.i686
    postgresql95-plperl-9.5.12-1.78.amzn1.i686
    postgresql95-devel-9.5.12-1.78.amzn1.i686
    postgresql95-test-9.5.12-1.78.amzn1.i686
    postgresql95-libs-9.5.12-1.78.amzn1.i686
    postgresql95-static-9.5.12-1.78.amzn1.i686
    postgresql95-server-9.5.12-1.78.amzn1.i686
    postgresql95-docs-9.5.12-1.78.amzn1.i686
    postgresql95-debuginfo-9.5.12-1.78.amzn1.i686
    postgresql95-contrib-9.5.12-1.78.amzn1.i686
    postgresql95-9.5.12-1.78.amzn1.i686
    postgresql95-plpython26-9.5.12-1.78.amzn1.i686
    postgresql93-plpython27-9.3.22-1.70.amzn1.i686
    postgresql93-pltcl-9.3.22-1.70.amzn1.i686
    postgresql93-debuginfo-9.3.22-1.70.amzn1.i686
    postgresql93-devel-9.3.22-1.70.amzn1.i686
    postgresql93-9.3.22-1.70.amzn1.i686
    postgresql93-libs-9.3.22-1.70.amzn1.i686
    postgresql93-server-9.3.22-1.70.amzn1.i686
    postgresql93-docs-9.3.22-1.70.amzn1.i686
    postgresql93-plpython26-9.3.22-1.70.amzn1.i686
    postgresql93-test-9.3.22-1.70.amzn1.i686
    postgresql93-plperl-9.3.22-1.70.amzn1.i686
    postgresql93-contrib-9.3.22-1.70.amzn1.i686
    postgresql94-server-9.4.17-1.74.amzn1.i686
    postgresql94-devel-9.4.17-1.74.amzn1.i686
    postgresql94-9.4.17-1.74.amzn1.i686
    postgresql94-debuginfo-9.4.17-1.74.amzn1.i686
    postgresql94-contrib-9.4.17-1.74.amzn1.i686
    postgresql94-plpython26-9.4.17-1.74.amzn1.i686
    postgresql94-test-9.4.17-1.74.amzn1.i686
    postgresql94-plpython27-9.4.17-1.74.amzn1.i686
    postgresql94-docs-9.4.17-1.74.amzn1.i686
    postgresql94-libs-9.4.17-1.74.amzn1.i686
    postgresql94-plperl-9.4.17-1.74.amzn1.i686

src:
    postgresql96-9.6.8-1.80.amzn1.src
    postgresql95-9.5.12-1.78.amzn1.src
    postgresql93-9.3.22-1.70.amzn1.src
    postgresql94-9.4.17-1.74.amzn1.src

x86_64:
    postgresql96-libs-9.6.8-1.80.amzn1.x86_64
    postgresql96-plperl-9.6.8-1.80.amzn1.x86_64
    postgresql96-plpython27-9.6.8-1.80.amzn1.x86_64
    postgresql96-server-9.6.8-1.80.amzn1.x86_64
    postgresql96-debuginfo-9.6.8-1.80.amzn1.x86_64
    postgresql96-docs-9.6.8-1.80.amzn1.x86_64
    postgresql96-contrib-9.6.8-1.80.amzn1.x86_64
    postgresql96-plpython26-9.6.8-1.80.amzn1.x86_64
    postgresql96-9.6.8-1.80.amzn1.x86_64
    postgresql96-devel-9.6.8-1.80.amzn1.x86_64
    postgresql96-test-9.6.8-1.80.amzn1.x86_64
    postgresql96-static-9.6.8-1.80.amzn1.x86_64
    postgresql95-plpython27-9.5.12-1.78.amzn1.x86_64
    postgresql95-9.5.12-1.78.amzn1.x86_64
    postgresql95-plperl-9.5.12-1.78.amzn1.x86_64
    postgresql95-devel-9.5.12-1.78.amzn1.x86_64
    postgresql95-test-9.5.12-1.78.amzn1.x86_64
    postgresql95-contrib-9.5.12-1.78.amzn1.x86_64
    postgresql95-docs-9.5.12-1.78.amzn1.x86_64
    postgresql95-server-9.5.12-1.78.amzn1.x86_64
    postgresql95-debuginfo-9.5.12-1.78.amzn1.x86_64
    postgresql95-static-9.5.12-1.78.amzn1.x86_64
    postgresql95-plpython26-9.5.12-1.78.amzn1.x86_64
    postgresql95-libs-9.5.12-1.78.amzn1.x86_64
    postgresql93-docs-9.3.22-1.70.amzn1.x86_64
    postgresql93-plpython26-9.3.22-1.70.amzn1.x86_64
    postgresql93-server-9.3.22-1.70.amzn1.x86_64
    postgresql93-plpython27-9.3.22-1.70.amzn1.x86_64
    postgresql93-pltcl-9.3.22-1.70.amzn1.x86_64
    postgresql93-devel-9.3.22-1.70.amzn1.x86_64
    postgresql93-debuginfo-9.3.22-1.70.amzn1.x86_64
    postgresql93-contrib-9.3.22-1.70.amzn1.x86_64
    postgresql93-libs-9.3.22-1.70.amzn1.x86_64
    postgresql93-plperl-9.3.22-1.70.amzn1.x86_64
    postgresql93-test-9.3.22-1.70.amzn1.x86_64
    postgresql93-9.3.22-1.70.amzn1.x86_64
    postgresql94-libs-9.4.17-1.74.amzn1.x86_64
    postgresql94-plpython26-9.4.17-1.74.amzn1.x86_64
    postgresql94-server-9.4.17-1.74.amzn1.x86_64
    postgresql94-9.4.17-1.74.amzn1.x86_64
    postgresql94-devel-9.4.17-1.74.amzn1.x86_64
    postgresql94-contrib-9.4.17-1.74.amzn1.x86_64
    postgresql94-docs-9.4.17-1.74.amzn1.x86_64
    postgresql94-debuginfo-9.4.17-1.74.amzn1.x86_64
    postgresql94-test-9.4.17-1.74.amzn1.x86_64
    postgresql94-plpython27-9.4.17-1.74.amzn1.x86_64
    postgresql94-plperl-9.4.17-1.74.amzn1.x86_64