Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871864
Category:Red Hat Local Security Checks
Title:RedHat Update for postgresql RHSA-2017:1983-01
Summary:The remote host is missing an update for the 'postgresql'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'postgresql'
package(s) announced via the referenced advisory.

Vulnerability Insight:
PostgreSQL is an advanced object-relational
database management system (DBMS). The following packages have been upgraded to
a later upstream version: postgresql (9.2.21). (BZ#1449706) Security Fix(es): *
It was found that some selectivity estimation functions did not check user
privileges before providing information from pg_statistic, possibly leaking
information. A non-administrative database user could use this flaw to steal
some information from tables they are otherwise not allowed to access.
(CVE-2017-7484) * It was found that the pg_user_mappings view could disclose
information about user mappings to a foreign database to non-administrative
database users. A database user with USAGE privilege for this mapping could,
when querying the view, obtain user mapping data, such as the username and
password used to connect to the foreign database. (CVE-2017-7486) Red Hat would
like to thank the PostgreSQL project for reporting these issues. Upstream
acknowledges Robert Haas as the original reporter of CVE-2017-7484 and Andrew
Wheelwright as the original reporter of CVE-2017-7486. Additional Changes: For
detailed information on changes in this release, see the Red Hat Enterprise
Linux 7.4 Release Notes linked from the References section.

Affected Software/OS:
postgresql on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-7484
BugTraq ID: 98459
http://www.securityfocus.com/bid/98459
Debian Security Information: DSA-3851 (Google Search)
http://www.debian.org/security/2017/dsa-3851
https://security.gentoo.org/glsa/201710-06
RedHat Security Advisories: RHSA-2017:1677
https://access.redhat.com/errata/RHSA-2017:1677
RedHat Security Advisories: RHSA-2017:1678
https://access.redhat.com/errata/RHSA-2017:1678
RedHat Security Advisories: RHSA-2017:1838
https://access.redhat.com/errata/RHSA-2017:1838
RedHat Security Advisories: RHSA-2017:1983
https://access.redhat.com/errata/RHSA-2017:1983
RedHat Security Advisories: RHSA-2017:2425
https://access.redhat.com/errata/RHSA-2017:2425
http://www.securitytracker.com/id/1038476
Common Vulnerability Exposure (CVE) ID: CVE-2017-7486
BugTraq ID: 98460
http://www.securityfocus.com/bid/98460
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.