[3.4] postgresql: Multiple vulnerabilities (CVE-2017-7546, CVE-2017-7547, CVE-2017-7548)
CVE-2017-7546: Empty password accepted in some authentication methods
CVE-2017-7547: The “pg_user_mappings” catalog view discloses passwords to users lacking server privileges
CVE-2017-7548: lo_put() function ignores ACLs
Fixed In Version:
postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postgresql 9.5.8, postgresql 9.6.4
References:
https://www.postgresql.org/about/news/1772/
(from redmine: issue id 7663, created on 2017-08-11, closed on 2017-08-14)
- Relations:
- parent #7659 (closed)
- Changesets:
- Revision 3ddcac9e by Natanael Copa on 2017-08-14T11:23:06Z:
main/postgresql: security upgrade to 9.5.8 (CVE-2017-7546,CVE-2017-7547,CVE-2017-7548)
fixes #7663