[3.3] postgresql: Multiple vulnerabilities (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)
CVE-2017-7484: selectivity estimators bypass SELECT privilege checks
Fixed In Version:
postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3
References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7484
CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable
Fixed In Version:
postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3
References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7485
CVE-2017-7486: pg_user_mappings view discloses foreign server passwords
Fixed In Version:
postgresql 9.2.21, postgresql 9.3.17, postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3
References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7486
(from redmine: issue id 7385, created on 2017-06-05, closed on 2017-06-13)
- Relations:
  - parent #7381 (closed)
- Changesets:
  - Revision d0be17ae on 2017-06-13T07:27:47Z:
    main/postgresql: security upgrade to 9.4.12 (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)
    Fixes #7385