postgresql: Multiple vulnerabilities (CVE-2017-7546, CVE-2017-7547, CVE-2017-7548)
CVE-2017-7546: Empty password accepted in some authentication methods
CVE-2017-7547: The “pg_user_mappings” catalog view discloses passwords to users lacking server privileges
CVE-2017-7548: lo_put() function ignores ACLs
Fixed In Version:
postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postgresql 9.5.8, postgresql 9.6.4
References:
https://www.postgresql.org/about/news/1772/
(from redmine: issue id 7659, created on 2017-08-11, closed on 2017-08-14)
- Relations:
  - child #7660 (closed)
  - child #7661 (closed)
  - child #7662 (closed)
  - child #7663 (closed)
  - child #7664 (closed)
- Changesets:
  - Revision ed07717d by Natanael Copa on 2017-08-14T11:24:34Z:
    main/postgresql: security upgrade to 9.4.13 (CVE-2017-7546,CVE-2017-7547,CVE-2017-7548)
    fixes #7659