Security update for postgresql94 (important)

2017-08-25T18:18:34
ID SUSE-SU-2017:2258-1
Type suse
Reporter Suse
Modified 2017-08-25T18:18:34

Description

Postgresql94 was updated to 9.4.13 to fix the following issues:

  • CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685)
  • CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684)
  • CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259)

The changelog for this release is here: <a rel="nofollow" href="https://www.postgresql.org/docs/9.4/static/release-9-4-13.html">https://www.postgresql.org/docs/9.4/static/release-9-4-13.html</a>