Updated postgresql9.4 packages fix security vulnerabilities

Robert Haas discovered that some selectivity estimators did not validate user privileges which could result in information disclosure CVE-2017-7484. Daniel Gustafsson discovered that the PGREQUIRESSL environment variable did no longer enforce a TLS connection CVE-2017-7485. Andrew Wheelwright...

SUSE SLES11 Security Update : postgresql94 (SUSE-SU-2017:1783-1)

This update for postgresql93 fixes the following issues : - bsc1029547: Fix tests with timezone 2017a - CVE-2017-7486: Restrict visibility of pgusermappings.umoptions, to protect passwords stored as user mapping options. bsc1037624 - CVE-2017-7485: Recognize PGREQUIRESSL variable again. bsc103829...

postgresql: libpq ignores PGREQUIRESSL environment variable

It was discovered that the PostgreSQL client library libpq did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. An man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a...

openSUSE Security Update : postgresql93 (openSUSE-2017-657)

This update for postgresql93 fixes the following issues : The PostgreSQL package was updated to 9.3.17, bringing various bug and security fixes. Security fixes : - CVE-2017-7486: Restrict visibility of pgusermappings.umoptions, to protect passwords stored as user mapping options. bsc1037624 -...

Vulnerability in client (CVE-2017-7485)

libpq ignores PGREQUIRESSL environment variable...

PostgreSQL vulnerabilities

The PostgreSQL project reports: Security Fixes nested CASE expressions + database and role names with embedded special characters CVE-2017-7484: selectivity estimators bypass SELECT privilege checks. CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable CVE-2017-7486: pgusermappings view...