Project

General

Profile

Bug #7382

Bug #7381: postgresql: Multiple vulnerabilities (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)

[3.6] postgresql: Multiple vulnerabilities (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)

Added by Alicha CH about 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
06/05/2017
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

CVE-2017-7484: selectivity estimators bypass SELECT privilege checks

Fixed In Version:

postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3

References:

https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7484

CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable

Fixed In Version:

postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3

References:

https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7485

CVE-2017-7486: pg_user_mappings view discloses foreign server passwords

Fixed In Version:

postgresql 9.2.21, postgresql 9.3.17, postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3

References:

https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7486

Associated revisions

Revision bc37dfd1 (diff)
Added by Leonardo Arena about 2 years ago

main/postgresql: security upgrade to 9.6.3 (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)

Fixes #7382

History

#1 Updated by Anonymous about 2 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH about 2 years ago

  • Category set to Security
  • Status changed from Resolved to Closed

Also available in: Atom PDF