AVG-381 log
| Package | postgresql |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 9.6.3-3 |
| Fixed | 9.6.4-1 |
| Current | 18.1-1 [extra] |
| Ticket | None |
| Created | Mon Aug 14 12:54:57 2017 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-7548 | Medium | Yes | Access restriction bypass | An authorization flaw was found in the way PostgreSQL handled large objects. A remote authenticated attacker with no privileges on a large object could... |
| CVE-2017-7547 | High | Yes | Information disclosure | An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could... |
| CVE-2017-7546 | Medium | Yes | Authentication bypass | It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 06 Sep 2017 | ASA-201709-2 | postgresql | multiple issues |
| References |
|---|
https://www.postgresql.org/about/news/1772/ |