Denial Of Service (DoS)

PostgreSQL is vulnerable to denial of serviceDoS attacks. A remote authenticated user could exploit an access control flaw in the loput function to change the data in a large object and cause denial of service conditions which leads application to a crash...

Security update for postgresql95 (important)

This update for postgresql95 fixes the following issues: Upate to PostgreSQL 9.5.11: Security issues fixed: https://www.postgresql.org/docs/9.5/static/release-9-5-11.html CVE-2018-1053, boo1077983: Ensure that all temporary files made by pgupgrade are non-world-readable. boo1079757: Rename...

Vulnerability in core server (CVE-2017-7548)

loput function ignores ACLs...

openSUSE Security Update : postgresql96 (openSUSE-2017-1021)

This update for postgresql96 fixes the following issues : - CVE-2017-7547: Further restrict visibility of pgusermappings.umoptions, to protect passwords stored as user mapping options. bsc1051685 - CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. bsc1051684 -...

openSUSE Security Update : postgresql94 (openSUSE-2017-1020)

This update for postgresql94 fixes the following issues : - CVE-2017-7547: Further restrict visibility of pgusermappings.umoptions, to protect passwords stored as user mapping options. bsc1051685 - CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. bsc1051684 -...

postgresql: lo_put() function ignores ACLs

An authorization flaw was found in the way PostgreSQL handled large objects. A remote, authenticated attacker with no privileges on a large object could potentially use this flaw to overwrite the entire content of the object, thus resulting in denial of service...

Security update for postgresql94 (important)

This update for postgresql94 fixes the following issues: CVE-2017-7547: Further restrict visibility of pgusermappings.umoptions, to protect passwords stored as user mapping options. bsc1051685 CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. bsc1051684...

SUSE SLED12 / SLES12 Security Update : postgresql96 (SUSE-SU-2017:2356-1)

This update for postgresql96 fixes the following issues : - CVE-2017-7547: Further restrict visibility of pgusermappings.umoptions, to protect passwords stored as user mapping options. bsc1051685 - CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. bsc1051684 -...

Amazon Linux AMI : postgresql94 / postgresql95 (ALAS-2017-885)

pgusermappings view discloses passwords to users lacking server privileges : An authorization flaw was found in the way PostgreSQL handled access to the pgusermappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords from the user...

Security update for postgresql93 (important)

Postgresql93 was updated to 9.3.18 to fix the following issues: CVE-2017-7547: Further restrict visibility of pgusermappings.umoptions, to protect passwords stored as user mapping options. bsc1051685 CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. bsc1051684...

MGASA-2017-0316 Updated postgresql9.3/4/6 packages fix security vulnerabilities

libpq, and by extension any connection driver that utilizes libpq, ignores empty passwords and does not transmit them to the server. When using libpq or a libpq-based connection driver to perform password-based authentication methods, it would appear that setting an empty password would be the...

SUSE-SU-2017:2236-1 Security update for postgresql93

Postgresql93 was updated to 9.3.18 to fix the following issues: CVE-2017-7547: Further restrict visibility of pgusermappings.umoptions, to protect passwords stored as user mapping options. bsc1051685 CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. bsc1051684...

Debian DSA-3935-1 : postgresql-9.4 - security update

Several vulnerabilities have been found in the PostgreSQL database system : - CVE-2017-7546 In some authentication methods empty passwords were accepted. - CVE-2017-7547 User mappings could leak data to unprivileged users. - CVE-2017-7548 The loput function ignored ACLs. For more in-depth...

FreeBSD : PostgreSQL vulnerabilities (982872f1-7dd3-11e7-9736-6cc21735f730)

The PostgreSQL project reports : - CVE-2017-7546: Empty password accepted in some authentication methods - CVE-2017-7547: The 'pgusermappings' catalog view discloses passwords to users lacking server privileges - CVE-2017-7548: loput function ignores ACLs %NASLMINLEVEL 70300 C Tenable Network...