|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for postgresql RHSA-2017:1983-01|
|Summary:||The remote host is missing an update for the 'postgresql'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'postgresql'
package(s) announced via the referenced advisory.
PostgreSQL is an advanced object-relational
database management system (DBMS). The following packages have been upgraded to
a later upstream version: postgresql (9.2.21). (BZ#1449706) Security Fix(es): *
It was found that some selectivity estimation functions did not check user
privileges before providing information from pg_statistic, possibly leaking
information. A non-administrative database user could use this flaw to steal
some information from tables they are otherwise not allowed to access.
(CVE-2017-7484) * It was found that the pg_user_mappings view could disclose
information about user mappings to a foreign database to non-administrative
database users. A database user with USAGE privilege for this mapping could,
when querying the view, obtain user mapping data, such as the username and
password used to connect to the foreign database. (CVE-2017-7486) Red Hat would
like to thank the PostgreSQL project for reporting these issues. Upstream
acknowledges Robert Haas as the original reporter of CVE-2017-7484 and Andrew
Wheelwright as the original reporter of CVE-2017-7486. Additional Changes: For
detailed information on changes in this release, see the Red Hat Enterprise
Linux 7.4 Release Notes linked from the References section.
postgresql on Red Hat Enterprise Linux Server (v. 7)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2017-7484|
BugTraq ID: 98459
Debian Security Information: DSA-3851 (Google Search)
RedHat Security Advisories: RHSA-2017:1677
RedHat Security Advisories: RHSA-2017:1678
RedHat Security Advisories: RHSA-2017:1838
RedHat Security Advisories: RHSA-2017:1983
RedHat Security Advisories: RHSA-2017:2425
Common Vulnerability Exposure (CVE) ID: CVE-2017-7486
BugTraq ID: 98460
|Copyright||Copyright (C) 2017 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.