Package        : postgresql-9.1
Version        : 9.1.24-0+deb7u1
CVE ID         : CVE-2017-7486 CVE-2017-7546 CVE-2017-7547
Debian Bug     :

Several vulnerabilities have been found in the PostgreSQL database
system:

CVE-2017-7486

    Andrew Wheelwright discovered that user mappings were insufficiently
    restricted.

CVE-2017-7546

    In some authentication methods empty passwords were accepted.

CVE-2017-7547

    User mappings could leak data to unprivileged users.

For Debian 7 "Wheezy", these problems have been fixed in version
9.1.24lts2-0+deb7u1.

We recommend that you upgrade your postgresql-9.1 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-1051-1: postgresql-9.1 security update

August 10, 2017
Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7486

Summary

Andrew Wheelwright discovered that user mappings were insufficiently
restricted.

CVE-2017-7546

In some authentication methods empty passwords were accepted.

CVE-2017-7547

User mappings could leak data to unprivileged users.

For Debian 7 "Wheezy", these problems have been fixed in version
9.1.24lts2-0+deb7u1.

We recommend that you upgrade your postgresql-9.1 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
Package        : postgresql-9.1
Version : 9.1.24-0+deb7u1
CVE ID : CVE-2017-7486 CVE-2017-7546 CVE-2017-7547
Debian Bug :

Related News