It was found that PostgreSQL client programs mishandle database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable program. Vulnerable programs include pg_dumpall, pg_upgrade, vacuumdb, reindexdb, and clusterdb.
Acknowledgments:

Name: the PostgreSQL project
Upstream: Nathan Bossart
Public via: https://www.postgresql.org/about/news/1688/
Created postgresql tracking bugs for this issue:

Affects: fedora-all [bug 1366346]
Upstream patch: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=fcd15f13581f6d75c63d213220d5a94889206c1b
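The description above names the characters the affected client programs mishandle (newline, carriage return, double quote, backslash). As a defensive pre-maintenance check, added here and not part of this bug report or of the PostgreSQL project's code, the script below flags existing role and database names that contain any of those characters so an administrator can review them before a superuser runs pg_dumpall, pg_upgrade, vacuumdb, reindexdb or clusterdb with an unpatched build. The `AUDIT_SQL` query is the server-side form of the same check for live use against pg_roles and pg_database; the sample names are constructed, and the function names are this example's own.

```python
import re
from typing import Iterable, List, Tuple

# Characters the advisory names as mishandled by the affected client programs.
UNSAFE_CHARS = re.compile(r'[\n\r"\\]')

# Server-side version of the same check, written for this example (not run here).
# Run it as a superuser, e.g. with psql -At, and review every row it returns.
AUDIT_SQL = r"""
SELECT 'role' AS kind, rolname AS name FROM pg_roles
 WHERE rolname ~ E'[\\n\\r"\\\\]'
UNION ALL
SELECT 'database', datname FROM pg_database
 WHERE datname ~ E'[\\n\\r"\\\\]';
"""

# Human-readable labels for the offending characters in a report line.
_LABELS = {"\n": "\\n", "\r": "\\r", '"': '"', "\\": "\\\\"}


def unsafe_chars_in(name: str) -> List[str]:
    """Return the distinct unsafe characters present in an object name, as escaped labels."""
    return sorted({_LABELS[c] for c in UNSAFE_CHARS.findall(name)})


def audit_names(names: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, List[str]]]:
    """Keep only the (kind, name) pairs that need review, with the characters found."""
    findings = []
    for kind, name in names:
        hits = unsafe_chars_in(name)
        if hits:
            findings.append((kind, name, hits))
    return findings


# Constructed sample of what a query of pg_roles / pg_database might return.
SAMPLE_NAMES = [
    ("role", "app_reader"),
    ("role", 'report"writer'),
    ("database", "inventory"),
    ("database", "ops\\legacy"),
    ("role", "line1\nline2"),
]

if __name__ == "__main__":
    for kind, name, hits in audit_names(SAMPLE_NAMES):
        print(f"REVIEW {kind} {name!r}: contains {', '.join(hits)}")
```

Any row the audit returns is a name that should be renamed (or at least reviewed) before the listed programs are run as a superuser on a version without the upstream fix; on a patched version the programs handle such names safely, so the check is a stopgap, not a replacement for updating.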
postgresql-9.5.4-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
postgresql-9.4.9-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
postgresql-9.5.4-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS

Via RHSA-2016:1781 https://rhn.redhat.com/errata/RHSA-2016-1781.html
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS

Via RHSA-2016:1821 https://rhn.redhat.com/errata/RHSA-2016-1821.html
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS

Via RHSA-2016:1820 https://rhn.redhat.com/errata/RHSA-2016-1820.html
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2606 https://rhn.redhat.com/errata/RHSA-2016-2606.html
This issue has been addressed in the following products:

  Red Hat Satellite 5.7

Via RHSA-2017:2425 https://access.redhat.com/errata/RHSA-2017:2425