Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2016-747)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.120736

Kategorie: Amazon Linux Local Security Checks

Titel: Amazon Linux: Security Advisory (ALAS-2016-747)

Zusammenfassung: The remote host is missing an update for the 'postgresql92, postgresql93, postgresql94' package(s) announced via the ALAS-2016-747 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'postgresql92, postgresql93, postgresql94' package(s) announced via the ALAS-2016-747 advisory.

Vulnerability Insight:
A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423)

A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424)

Affected Software/OS:
'postgresql92, postgresql93, postgresql94' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-5423
BugTraq ID: 92433
http://www.securityfocus.com/bid/92433
Debian Security Information: DSA-3646 (Google Search)
http://www.debian.org/security/2016/dsa-3646
https://security.gentoo.org/glsa/201701-33
RedHat Security Advisories: RHSA-2016:1781
http://rhn.redhat.com/errata/RHSA-2016-1781.html
RedHat Security Advisories: RHSA-2016:1820
http://rhn.redhat.com/errata/RHSA-2016-1820.html
RedHat Security Advisories: RHSA-2016:1821
http://rhn.redhat.com/errata/RHSA-2016-1821.html
RedHat Security Advisories: RHSA-2016:2606
http://rhn.redhat.com/errata/RHSA-2016-2606.html
RedHat Security Advisories: RHSA-2017:2425
https://access.redhat.com/errata/RHSA-2017:2425
http://www.securitytracker.com/id/1036617
Common Vulnerability Exposure (CVE) ID: CVE-2016-5424
BugTraq ID: 92435
http://www.securityfocus.com/bid/92435

Copyright Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.120736
Kategorie:	Amazon Linux Local Security Checks
Titel:	Amazon Linux: Security Advisory (ALAS-2016-747)
Zusammenfassung:	The remote host is missing an update for the 'postgresql92, postgresql93, postgresql94' package(s) announced via the ALAS-2016-747 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'postgresql92, postgresql93, postgresql94' package(s) announced via the ALAS-2016-747 advisory. Vulnerability Insight: A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423) A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424) Affected Software/OS: 'postgresql92, postgresql93, postgresql94' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5423 BugTraq ID: 92433 http://www.securityfocus.com/bid/92433 Debian Security Information: DSA-3646 (Google Search) http://www.debian.org/security/2016/dsa-3646 https://security.gentoo.org/glsa/201701-33 RedHat Security Advisories: RHSA-2016:1781 http://rhn.redhat.com/errata/RHSA-2016-1781.html RedHat Security Advisories: RHSA-2016:1820 http://rhn.redhat.com/errata/RHSA-2016-1820.html RedHat Security Advisories: RHSA-2016:1821 http://rhn.redhat.com/errata/RHSA-2016-1821.html RedHat Security Advisories: RHSA-2016:2606 http://rhn.redhat.com/errata/RHSA-2016-2606.html RedHat Security Advisories: RHSA-2017:2425 https://access.redhat.com/errata/RHSA-2017:2425 http://www.securitytracker.com/id/1036617 Common Vulnerability Exposure (CVE) ID: CVE-2016-5424 BugTraq ID: 92435 http://www.securityfocus.com/bid/92435
Copyright	Copyright (C) 2016 Greenbone AG