CVE-2017-7485 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Man-in-the-middle |
| Description | A security issue has been found in the libpq component of PostgreSQL < 9.6.3, where the PGREQUIRESSL was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-280 | postgresql-libs | 9.6.2-1 | 9.6.3-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 30 May 2017 | ASA-201705-24 | AVG-280 | postgresql-libs | High | man-in-the-middle |
| References |
|---|
https://www.postgresql.org/about/news/1746/ |