Updated postgresql9.4 packages fix security vulnerabilities
Publication date: 30 Jul 2017Modification date: 30 Jul 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-7484 , CVE-2017-7485 , CVE-2017-7486
Description
Robert Haas discovered that some selectivity estimators did not validate user
privileges which could result in information disclosure (CVE-2017-7484).
Daniel Gustafsson discovered that the PGREQUIRESSL environment variable did no
longer enforce a TLS connection (CVE-2017-7485).
Andrew Wheelwright discovered that user mappings were insufficiently restricted
(CVE-2017-7486).
References
- https://bugs.mageia.org/show_bug.cgi?id=20842
- http://www.postgresql.org/docs/current/static/release-9-3-17.html
- http://www.postgresql.org/docs/current/static/release-9-4-12.html
- https://www.postgresql.org/about/news/1746/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7484
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7485
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7486
SRPMS
5/core
- postgresql9.3-9.3.17-1.mga5
- postgresql9.4-9.4.12-1.mga5