ALAS-2018-990


Amazon Linux AMI Security Advisory: ALAS-2018-990
Advisory Release Date: 2018-04-05 16:55 Pacific
Severity: Medium
References: CVE-2018-1058 

Issue Overview:

Uncontrolled search path element in pg_dump and other client applications
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. (CVE-2018-1058 )


Affected Packages:

postgresql93,postgresql94,postgresql95,postgresql96


Issue Correction:
Run yum update postgresql93 to update your system.
Run yum update postgresql94 to update your system.
Run yum update postgresql95 to update your system.
Run yum update postgresql96 to update your system.

New Packages:
i686:
    postgresql96-test-9.6.8-1.80.amzn1.i686
    postgresql96-plpython27-9.6.8-1.80.amzn1.i686
    postgresql96-contrib-9.6.8-1.80.amzn1.i686
    postgresql96-plperl-9.6.8-1.80.amzn1.i686
    postgresql96-server-9.6.8-1.80.amzn1.i686
    postgresql96-static-9.6.8-1.80.amzn1.i686
    postgresql96-9.6.8-1.80.amzn1.i686
    postgresql96-debuginfo-9.6.8-1.80.amzn1.i686
    postgresql96-devel-9.6.8-1.80.amzn1.i686
    postgresql96-docs-9.6.8-1.80.amzn1.i686
    postgresql96-libs-9.6.8-1.80.amzn1.i686
    postgresql96-plpython26-9.6.8-1.80.amzn1.i686
    postgresql95-plpython27-9.5.12-1.78.amzn1.i686
    postgresql95-plperl-9.5.12-1.78.amzn1.i686
    postgresql95-devel-9.5.12-1.78.amzn1.i686
    postgresql95-test-9.5.12-1.78.amzn1.i686
    postgresql95-libs-9.5.12-1.78.amzn1.i686
    postgresql95-static-9.5.12-1.78.amzn1.i686
    postgresql95-server-9.5.12-1.78.amzn1.i686
    postgresql95-docs-9.5.12-1.78.amzn1.i686
    postgresql95-debuginfo-9.5.12-1.78.amzn1.i686
    postgresql95-contrib-9.5.12-1.78.amzn1.i686
    postgresql95-9.5.12-1.78.amzn1.i686
    postgresql95-plpython26-9.5.12-1.78.amzn1.i686
    postgresql93-plpython27-9.3.22-1.70.amzn1.i686
    postgresql93-pltcl-9.3.22-1.70.amzn1.i686
    postgresql93-debuginfo-9.3.22-1.70.amzn1.i686
    postgresql93-devel-9.3.22-1.70.amzn1.i686
    postgresql93-9.3.22-1.70.amzn1.i686
    postgresql93-libs-9.3.22-1.70.amzn1.i686
    postgresql93-server-9.3.22-1.70.amzn1.i686
    postgresql93-docs-9.3.22-1.70.amzn1.i686
    postgresql93-plpython26-9.3.22-1.70.amzn1.i686
    postgresql93-test-9.3.22-1.70.amzn1.i686
    postgresql93-plperl-9.3.22-1.70.amzn1.i686
    postgresql93-contrib-9.3.22-1.70.amzn1.i686
    postgresql94-server-9.4.17-1.74.amzn1.i686
    postgresql94-devel-9.4.17-1.74.amzn1.i686
    postgresql94-9.4.17-1.74.amzn1.i686
    postgresql94-debuginfo-9.4.17-1.74.amzn1.i686
    postgresql94-contrib-9.4.17-1.74.amzn1.i686
    postgresql94-plpython26-9.4.17-1.74.amzn1.i686
    postgresql94-test-9.4.17-1.74.amzn1.i686
    postgresql94-plpython27-9.4.17-1.74.amzn1.i686
    postgresql94-docs-9.4.17-1.74.amzn1.i686
    postgresql94-libs-9.4.17-1.74.amzn1.i686
    postgresql94-plperl-9.4.17-1.74.amzn1.i686

src:
    postgresql96-9.6.8-1.80.amzn1.src
    postgresql95-9.5.12-1.78.amzn1.src
    postgresql93-9.3.22-1.70.amzn1.src
    postgresql94-9.4.17-1.74.amzn1.src

x86_64:
    postgresql96-libs-9.6.8-1.80.amzn1.x86_64
    postgresql96-plperl-9.6.8-1.80.amzn1.x86_64
    postgresql96-plpython27-9.6.8-1.80.amzn1.x86_64
    postgresql96-server-9.6.8-1.80.amzn1.x86_64
    postgresql96-debuginfo-9.6.8-1.80.amzn1.x86_64
    postgresql96-docs-9.6.8-1.80.amzn1.x86_64
    postgresql96-contrib-9.6.8-1.80.amzn1.x86_64
    postgresql96-plpython26-9.6.8-1.80.amzn1.x86_64
    postgresql96-9.6.8-1.80.amzn1.x86_64
    postgresql96-devel-9.6.8-1.80.amzn1.x86_64
    postgresql96-test-9.6.8-1.80.amzn1.x86_64
    postgresql96-static-9.6.8-1.80.amzn1.x86_64
    postgresql95-plpython27-9.5.12-1.78.amzn1.x86_64
    postgresql95-9.5.12-1.78.amzn1.x86_64
    postgresql95-plperl-9.5.12-1.78.amzn1.x86_64
    postgresql95-devel-9.5.12-1.78.amzn1.x86_64
    postgresql95-test-9.5.12-1.78.amzn1.x86_64
    postgresql95-contrib-9.5.12-1.78.amzn1.x86_64
    postgresql95-docs-9.5.12-1.78.amzn1.x86_64
    postgresql95-server-9.5.12-1.78.amzn1.x86_64
    postgresql95-debuginfo-9.5.12-1.78.amzn1.x86_64
    postgresql95-static-9.5.12-1.78.amzn1.x86_64
    postgresql95-plpython26-9.5.12-1.78.amzn1.x86_64
    postgresql95-libs-9.5.12-1.78.amzn1.x86_64
    postgresql93-docs-9.3.22-1.70.amzn1.x86_64
    postgresql93-plpython26-9.3.22-1.70.amzn1.x86_64
    postgresql93-server-9.3.22-1.70.amzn1.x86_64
    postgresql93-plpython27-9.3.22-1.70.amzn1.x86_64
    postgresql93-pltcl-9.3.22-1.70.amzn1.x86_64
    postgresql93-devel-9.3.22-1.70.amzn1.x86_64
    postgresql93-debuginfo-9.3.22-1.70.amzn1.x86_64
    postgresql93-contrib-9.3.22-1.70.amzn1.x86_64
    postgresql93-libs-9.3.22-1.70.amzn1.x86_64
    postgresql93-plperl-9.3.22-1.70.amzn1.x86_64
    postgresql93-test-9.3.22-1.70.amzn1.x86_64
    postgresql93-9.3.22-1.70.amzn1.x86_64
    postgresql94-libs-9.4.17-1.74.amzn1.x86_64
    postgresql94-plpython26-9.4.17-1.74.amzn1.x86_64
    postgresql94-server-9.4.17-1.74.amzn1.x86_64
    postgresql94-9.4.17-1.74.amzn1.x86_64
    postgresql94-devel-9.4.17-1.74.amzn1.x86_64
    postgresql94-contrib-9.4.17-1.74.amzn1.x86_64
    postgresql94-docs-9.4.17-1.74.amzn1.x86_64
    postgresql94-debuginfo-9.4.17-1.74.amzn1.x86_64
    postgresql94-test-9.4.17-1.74.amzn1.x86_64
    postgresql94-plpython27-9.4.17-1.74.amzn1.x86_64
    postgresql94-plperl-9.4.17-1.74.amzn1.x86_64