Amazon Linux 1 Security Advisory: ALAS-2018-990
Advisory Release Date: 2018-04-05 16:55 Pacific
Advisory Updated Date: 2018-04-05 23:16 Pacific
Uncontrolled search path element in pg_dump and other client applications
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. (CVE-2018-1058)
Affected Packages:
postgresql93, postgresql94, postgresql95, postgresql96
Issue Correction:
Run yum update postgresql93 to update your system.
Run yum update postgresql94 to update your system.
Run yum update postgresql95 to update your system.
Run yum update postgresql96 to update your system.
i686:
postgresql96-test-9.6.8-1.80.amzn1.i686
postgresql96-plpython27-9.6.8-1.80.amzn1.i686
postgresql96-contrib-9.6.8-1.80.amzn1.i686
postgresql96-plperl-9.6.8-1.80.amzn1.i686
postgresql96-server-9.6.8-1.80.amzn1.i686
postgresql96-static-9.6.8-1.80.amzn1.i686
postgresql96-9.6.8-1.80.amzn1.i686
postgresql96-debuginfo-9.6.8-1.80.amzn1.i686
postgresql96-devel-9.6.8-1.80.amzn1.i686
postgresql96-docs-9.6.8-1.80.amzn1.i686
postgresql96-libs-9.6.8-1.80.amzn1.i686
postgresql96-plpython26-9.6.8-1.80.amzn1.i686
postgresql95-plpython27-9.5.12-1.78.amzn1.i686
postgresql95-plperl-9.5.12-1.78.amzn1.i686
postgresql95-devel-9.5.12-1.78.amzn1.i686
postgresql95-test-9.5.12-1.78.amzn1.i686
postgresql95-libs-9.5.12-1.78.amzn1.i686
postgresql95-static-9.5.12-1.78.amzn1.i686
postgresql95-server-9.5.12-1.78.amzn1.i686
postgresql95-docs-9.5.12-1.78.amzn1.i686
postgresql95-debuginfo-9.5.12-1.78.amzn1.i686
postgresql95-contrib-9.5.12-1.78.amzn1.i686
postgresql95-9.5.12-1.78.amzn1.i686
postgresql95-plpython26-9.5.12-1.78.amzn1.i686
postgresql93-plpython27-9.3.22-1.70.amzn1.i686
postgresql93-pltcl-9.3.22-1.70.amzn1.i686
postgresql93-debuginfo-9.3.22-1.70.amzn1.i686
postgresql93-devel-9.3.22-1.70.amzn1.i686
postgresql93-9.3.22-1.70.amzn1.i686
postgresql93-libs-9.3.22-1.70.amzn1.i686
postgresql93-server-9.3.22-1.70.amzn1.i686
postgresql93-docs-9.3.22-1.70.amzn1.i686
postgresql93-plpython26-9.3.22-1.70.amzn1.i686
postgresql93-test-9.3.22-1.70.amzn1.i686
postgresql93-plperl-9.3.22-1.70.amzn1.i686
postgresql93-contrib-9.3.22-1.70.amzn1.i686
postgresql94-server-9.4.17-1.74.amzn1.i686
postgresql94-devel-9.4.17-1.74.amzn1.i686
postgresql94-9.4.17-1.74.amzn1.i686
postgresql94-debuginfo-9.4.17-1.74.amzn1.i686
postgresql94-contrib-9.4.17-1.74.amzn1.i686
postgresql94-plpython26-9.4.17-1.74.amzn1.i686
postgresql94-test-9.4.17-1.74.amzn1.i686
postgresql94-plpython27-9.4.17-1.74.amzn1.i686
postgresql94-docs-9.4.17-1.74.amzn1.i686
postgresql94-libs-9.4.17-1.74.amzn1.i686
postgresql94-plperl-9.4.17-1.74.amzn1.i686
src:
postgresql96-9.6.8-1.80.amzn1.src
postgresql95-9.5.12-1.78.amzn1.src
postgresql93-9.3.22-1.70.amzn1.src
postgresql94-9.4.17-1.74.amzn1.src
x86_64:
postgresql96-libs-9.6.8-1.80.amzn1.x86_64
postgresql96-plperl-9.6.8-1.80.amzn1.x86_64
postgresql96-plpython27-9.6.8-1.80.amzn1.x86_64
postgresql96-server-9.6.8-1.80.amzn1.x86_64
postgresql96-debuginfo-9.6.8-1.80.amzn1.x86_64
postgresql96-docs-9.6.8-1.80.amzn1.x86_64
postgresql96-contrib-9.6.8-1.80.amzn1.x86_64
postgresql96-plpython26-9.6.8-1.80.amzn1.x86_64
postgresql96-9.6.8-1.80.amzn1.x86_64
postgresql96-devel-9.6.8-1.80.amzn1.x86_64
postgresql96-test-9.6.8-1.80.amzn1.x86_64
postgresql96-static-9.6.8-1.80.amzn1.x86_64
postgresql95-plpython27-9.5.12-1.78.amzn1.x86_64
postgresql95-9.5.12-1.78.amzn1.x86_64
postgresql95-plperl-9.5.12-1.78.amzn1.x86_64
postgresql95-devel-9.5.12-1.78.amzn1.x86_64
postgresql95-test-9.5.12-1.78.amzn1.x86_64
postgresql95-contrib-9.5.12-1.78.amzn1.x86_64
postgresql95-docs-9.5.12-1.78.amzn1.x86_64
postgresql95-server-9.5.12-1.78.amzn1.x86_64
postgresql95-debuginfo-9.5.12-1.78.amzn1.x86_64
postgresql95-static-9.5.12-1.78.amzn1.x86_64
postgresql95-plpython26-9.5.12-1.78.amzn1.x86_64
postgresql95-libs-9.5.12-1.78.amzn1.x86_64
postgresql93-docs-9.3.22-1.70.amzn1.x86_64
postgresql93-plpython26-9.3.22-1.70.amzn1.x86_64
postgresql93-server-9.3.22-1.70.amzn1.x86_64
postgresql93-plpython27-9.3.22-1.70.amzn1.x86_64
postgresql93-pltcl-9.3.22-1.70.amzn1.x86_64
postgresql93-devel-9.3.22-1.70.amzn1.x86_64
postgresql93-debuginfo-9.3.22-1.70.amzn1.x86_64
postgresql93-contrib-9.3.22-1.70.amzn1.x86_64
postgresql93-libs-9.3.22-1.70.amzn1.x86_64
postgresql93-plperl-9.3.22-1.70.amzn1.x86_64
postgresql93-test-9.3.22-1.70.amzn1.x86_64
postgresql93-9.3.22-1.70.amzn1.x86_64
postgresql94-libs-9.4.17-1.74.amzn1.x86_64
postgresql94-plpython26-9.4.17-1.74.amzn1.x86_64
postgresql94-server-9.4.17-1.74.amzn1.x86_64
postgresql94-9.4.17-1.74.amzn1.x86_64
postgresql94-devel-9.4.17-1.74.amzn1.x86_64
postgresql94-contrib-9.4.17-1.74.amzn1.x86_64
postgresql94-docs-9.4.17-1.74.amzn1.x86_64
postgresql94-debuginfo-9.4.17-1.74.amzn1.x86_64
postgresql94-test-9.4.17-1.74.amzn1.x86_64
postgresql94-plpython27-9.4.17-1.74.amzn1.x86_64
postgresql94-plperl-9.4.17-1.74.amzn1.x86_64