Security update for postgresql94 (important)

ID SUSE-SU-2017:2355-1
Type suse
Reporter Suse
Modified 2017-09-05T21:07:37


This update for postgresql94 fixes the following issues:

  • CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685)
  • CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684)
  • CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259)