[3.3] postgresql: Multiple vulnerabilities (CVE-2017-7546, CVE-2017-7547, CVE-2017-7548)
CVE-2017-7546: Empty password accepted in some authentication methods
CVE-2017-7547: The “pg_user_mappings” catalog view discloses passwords to users lacking server privileges
CVE-2017-7548: lo_put() function ignores ACLs
Fixed In Version:
postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postgresql 9.5.8, postgresql 9.6.4
References:
https://www.postgresql.org/about/news/1772/
(from redmine: issue id 7664, created on 2017-08-11, closed on 2017-08-14)
- Relations:
- parent #7659 (closed)