Synopsis:          Moderate: postgresql security update
Advisory ID:       SLSA-2017:3402-1
Issue Date:        2017-12-19
CVE Numbers:       CVE-2017-12172
                   CVE-2017-15097
--

Security Fix(es):

* Privilege escalation flaws were found in the initialization scripts of
PostgreSQL. An attacker with access to the postgres user account could use
these flaws to obtain root access on the server machine. (CVE-2017-12172,
CVE-2017-15097)

Note: This patch drops the script privileges from root to the postgres
user. Therefore, this update works properly only if the postgres user has
write access to its own home directory, as it does in the default
configuration (/var/lib/pgsql).
--

SL7
  x86_64
    postgresql-debuginfo-9.2.23-3.el7_4.i686.rpm
    postgresql-debuginfo-9.2.23-3.el7_4.x86_64.rpm
    postgresql-libs-9.2.23-3.el7_4.i686.rpm
    postgresql-libs-9.2.23-3.el7_4.x86_64.rpm
    postgresql-9.2.23-3.el7_4.i686.rpm
    postgresql-9.2.23-3.el7_4.x86_64.rpm
    postgresql-contrib-9.2.23-3.el7_4.x86_64.rpm
    postgresql-devel-9.2.23-3.el7_4.i686.rpm
    postgresql-devel-9.2.23-3.el7_4.x86_64.rpm
    postgresql-docs-9.2.23-3.el7_4.x86_64.rpm
    postgresql-plperl-9.2.23-3.el7_4.x86_64.rpm
    postgresql-plpython-9.2.23-3.el7_4.x86_64.rpm
    postgresql-pltcl-9.2.23-3.el7_4.x86_64.rpm
    postgresql-server-9.2.23-3.el7_4.x86_64.rpm
    postgresql-static-9.2.23-3.el7_4.i686.rpm
    postgresql-static-9.2.23-3.el7_4.x86_64.rpm
    postgresql-test-9.2.23-3.el7_4.x86_64.rpm
    postgresql-upgrade-9.2.23-3.el7_4.x86_64.rpm
    postgresql-9.2.23-3.el7_4.src.rpm

- Scientific Linux Development Team