USN-3390-1: PostgreSQL vulnerabilities
Ubuntu Security Notice USN-3390-1

15th August, 2017

postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 17.04
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary

Several security issues were fixed in PostgreSQL.

Software description

postgresql-9.3 – Object-relational SQL database
postgresql-9.5 – Object-relational SQL database
postgresql-9.6 – Object-relational SQL database

Details

Ben de Graaff, Jelte Fennema, and Jeroen van der Ham discovered that PostgreSQL allowed the use of empty passwords in some authentication methods, contrary to expected behaviour. A remote attacker could use an empty password to authenticate to servers that were believed to have password login disabled. (CVE-2017-7546)

Jeff Janes discovered that PostgreSQL incorrectly handled the pg_user_mappings catalog view. A remote attacker without server privileges could possibly use this issue to obtain certain passwords. (CVE-2017-7547)

Chapman Flack discovered that PostgreSQL incorrectly handled lo_put() permissions. A remote attacker could [ more… ]
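For CVE-2017-7546, an administrator can audit which roles actually hold an empty password rather than no password at all. The following is an added example, not part of the Ubuntu notice: it assumes rows of (rolname, rolpassword) exported by a superuser from the pg_authid catalog, and that on the 9.3 to 9.6 series rolpassword holds either an md5 verifier or the plaintext password. The sample rows and function names are constructed for illustration.

```python
import hashlib


def md5_verifier(password, rolname):
    """PostgreSQL md5 verifier: 'md5' followed by md5(password || rolname) in hex."""
    digest = hashlib.md5((password + rolname).encode("utf-8")).hexdigest()
    return "md5" + digest


def classify(rolname, rolpassword):
    """Classify one pg_authid row by what its stored password really is."""
    if rolpassword is None:
        # NULL rolpassword: no password set, password login cannot succeed.
        return "no-password"
    if rolpassword == "" or rolpassword == md5_verifier("", rolname):
        # Empty string stored as plaintext or as its md5 verifier: the case
        # that was believed to disable password login but did not.
        return "empty-password"
    return "password-set"


def roles_with_empty_password(rows):
    """Return role names whose stored password is the empty string."""
    return [name for name, pw in rows if classify(name, pw) == "empty-password"]


# Constructed sample rows standing in for: SELECT rolname, rolpassword FROM pg_authid
SAMPLE_ROWS = [
    ("app_ro", md5_verifier("", "app_ro")),              # empty password, md5 form
    ("legacy", ""),                                      # empty password, plaintext form
    ("batch", None),                                     # no password at all
    ("alice", md5_verifier("correct horse", "alice")),   # real password
]

if __name__ == "__main__":
    for name in roles_with_empty_password(SAMPLE_ROWS):
        print("role with empty password:", name)
```

Roles it reports should be given a real password or have the password removed with ALTER ROLE ... PASSWORD NULL, in addition to installing the updated packages.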