AVG-381 log
Package | postgresql |
Status | Fixed |
Severity | High |
Type | multiple issues |
Affected | 9.6.3-3 |
Fixed | 9.6.4-1 |
Current |
16.6-1 [extra-testing] 16.3-4 [extra] |
Ticket | None |
Created | Mon Aug 14 12:54:57 2017 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2017-7548 | Medium | Yes | Access restriction bypass | An authorization flaw was found in the way PostgreSQL handled large objects. A remote authenticated attacker with no privileges on a large object could... |
CVE-2017-7547 | High | Yes | Information disclosure | An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could... |
CVE-2017-7546 | Medium | Yes | Authentication bypass | It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A... |
Date | Advisory | Package | Type |
---|---|---|---|
06 Sep 2017 | ASA-201709-2 | postgresql | multiple issues |
References |
---|
https://www.postgresql.org/about/news/1772/ |