AVG-381

Package postgresql
Status Fixed
Severity High
Type multiple issues
Affected 9.6.3-3
Fixed 9.6.4-1
Current 10.2-1 [extra]
Ticket None
Created Mon Aug 14 12:54:57 2017
Issue Severity Remote Type Description
CVE-2017-7548 Medium Yes Access restriction bypass
An authorization flaw was found in the way PostgreSQL handled large objects. A remote authenticated attacker with no privileges on a large object could...
CVE-2017-7547 High Yes Information disclosure
An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could...
CVE-2017-7546 Medium Yes Authentication bypass
It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A...
Date Advisory Package Description
06 Sep 2017 ASA-201709-2 postgresql multiple issues
References
https://www.postgresql.org/about/news/1772/