CVE-2017-15099 – postgresql: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges
https://notcve.org/view.php?id=CVE-2017-15099
INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege. Los comandos INSERT ... • https://github.com/ToontjeM/CVE-2017-15099 http://www.securityfocus.com/bid/101781 http://www.securitytracker.com/id/1039752 https://access.redhat.com/errata/RHSA-2018:2511 https://access.redhat.com/errata/RHSA-2018:2566 https://www.debian.org/security/2017/dsa-4028 https://www.postgresql.org/about/news/1801 https://www.postgresql.org/support/security https://access.redhat.com/security/cve/CVE-2017-15099 https://bugzilla.redhat.com/show_bug.cgi?id=1508823 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-15098 – postgresql: Memory disclosure in JSON functions
https://notcve.org/view.php?id=CVE-2017-15098
Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory. Las llamadas de función json_populate_recordset o jsonb_populate_recordset inválidas en PostgreSQL en versiones 10.x anteriores a la 10.1; versiones 9.6.x anteriores a la 9.6.6, versiones 9.5.x anteriores a la 9.5.10; versiones 9.4.x anteriores a la 9.4.15 y versiones 9.3.x anteriores a la 9.3.20 pueden provocar el cierre inesperado del servidor o divulgar unos pocos bytes de memoria del servidor. • http://www.securityfocus.com/bid/101781 http://www.securitytracker.com/id/1039752 https://access.redhat.com/errata/RHSA-2018:2511 https://access.redhat.com/errata/RHSA-2018:2566 https://www.debian.org/security/2017/dsa-4027 https://www.debian.org/security/2017/dsa-4028 https://www.postgresql.org/about/news/1801 https://www.postgresql.org/support/security https://access.redhat.com/security/cve/CVE-2017-15098 https://bugzilla.redhat.com/show_bug.cgi?id=1508820 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •