Lucene search

DebianDEBIAN:DSA-3935-1:22CBB

HistoryAug 10, 2017 - 9:16 p.m.

[SECURITY] [DSA 3935-1] postgresql-9.4 security update

2017-08-1021:16:19

lists.debian.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

9.2 High

AI Score

Confidence

High

0.28 Low

EPSS

Percentile

96.9%

JSON

Debian Security Advisory DSA-3935-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
August 10, 2017 https://www.debian.org/security/faq

Package : postgresql-9.4
CVE ID : CVE-2017-7546 CVE-2017-7547 CVE-2017-7548

Several vulnerabilities have been found in the PostgreSQL database
system:

CVE-2017-7546

In some authentication methods empty passwords were accepted.

CVE-2017-7547

User mappings could leak data to unprivileged users.

CVE-2017-7548

The lo_put() function ignored ACLs.

For more in-depth descriptions of the security vulnerabilities,
please see https://www.postgresql.org/about/news/1772/

For the oldstable distribution (jessie), these problems have been fixed
in version 9.4.13-0+deb8u1.

We recommend that you upgrade your postgresql-9.4 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8arm64libecpg-compat3< 9.4.13-0+deb8u1libecpg-compat3_9.4.13-0+deb8u1_arm64.deb
Debian8mipspostgresql-plperl-9.4< 9.4.13-0+deb8u1postgresql-plperl-9.4_9.4.13-0+deb8u1_mips.deb
Debian9s390xlibecpg6< 9.6.4-0+deb9u1libecpg6_9.6.4-0+deb9u1_s390x.deb
Debian9mipspostgresql-9.6< 9.6.4-0+deb9u1postgresql-9.6_9.6.4-0+deb9u1_mips.deb
Debian9arm64postgresql-9.6-dbg< 9.6.4-0+deb9u1postgresql-9.6-dbg_9.6.4-0+deb9u1_arm64.deb
Debian8kfreebsd-i386libpgtypes3< 9.4.13-0+deb8u1libpgtypes3_9.4.13-0+deb8u1_kfreebsd-i386.deb
Debian9ppc64elpostgresql-client-9.6< 9.6.4-0+deb9u1postgresql-client-9.6_9.6.4-0+deb9u1_ppc64el.deb
Debian9i386postgresql-pltcl-9.6< 9.6.4-0+deb9u1postgresql-pltcl-9.6_9.6.4-0+deb9u1_i386.deb
Debian8arm64postgresql-plpython3-9.4< 9.4.13-0+deb8u1postgresql-plpython3-9.4_9.4.13-0+deb8u1_arm64.deb
Debian8amd64libpq-dev< 9.4.13-0+deb8u1libpq-dev_9.4.13-0+deb8u1_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	arm64	libecpg-compat3	< 9.4.13-0+deb8u1	libecpg-compat3_9.4.13-0+deb8u1_arm64.deb
Debian	8	mips	postgresql-plperl-9.4	< 9.4.13-0+deb8u1	postgresql-plperl-9.4_9.4.13-0+deb8u1_mips.deb
Debian	9	s390x	libecpg6	< 9.6.4-0+deb9u1	libecpg6_9.6.4-0+deb9u1_s390x.deb
Debian	9	mips	postgresql-9.6	< 9.6.4-0+deb9u1	postgresql-9.6_9.6.4-0+deb9u1_mips.deb
Debian	9	arm64	postgresql-9.6-dbg	< 9.6.4-0+deb9u1	postgresql-9.6-dbg_9.6.4-0+deb9u1_arm64.deb
Debian	8	kfreebsd-i386	libpgtypes3	< 9.4.13-0+deb8u1	libpgtypes3_9.4.13-0+deb8u1_kfreebsd-i386.deb
Debian	9	ppc64el	postgresql-client-9.6	< 9.6.4-0+deb9u1	postgresql-client-9.6_9.6.4-0+deb9u1_ppc64el.deb
Debian	9	i386	postgresql-pltcl-9.6	< 9.6.4-0+deb9u1	postgresql-pltcl-9.6_9.6.4-0+deb9u1_i386.deb
Debian	8	arm64	postgresql-plpython3-9.4	< 9.4.13-0+deb8u1	postgresql-plpython3-9.4_9.4.13-0+deb8u1_arm64.deb
Debian	8	amd64	libpq-dev	< 9.4.13-0+deb8u1	libpq-dev_9.4.13-0+deb8u1_amd64.deb