Download
| Alert*
oval:org.secpod.oval:def:89044802
This update for postgresql94 fixes the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. * CVE-2017-7548: lo_put ... oval:org.secpod.oval:def:505100 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: rh-postgresql95-postgresql . Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite ... oval:org.secpod.oval:def:1800296 CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version: postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postg ... oval:org.secpod.oval:def:1800044 CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version:¶ postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, ... oval:org.secpod.oval:def:89044850 This update for postgresql96 fixes the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. * CVE-2017-7548: lo_put ... oval:org.secpod.oval:def:89044621 Postgresql94 was updated to 9.4.13 to fix the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. * CVE-2017-7548: ... oval:org.secpod.oval:def:504966 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: rh-postgresql94-postgresql . Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite ... oval:org.secpod.oval:def:1800213 CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version: postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postg ... oval:org.secpod.oval:def:1800735 CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postgr ... oval:org.secpod.oval:def:44445 The host is installed with PostgreSQL 9.4.x before 9.4.13, 9.5.x before 9.5.8 or 9.6.x before 9.6.4 and is prone to remote denial of service vulnerability. The flaws present in the application fails to handle exceptional conditions. Successful exploitation allows attackers to cause a denial-of-servi ... oval:org.secpod.oval:def:703760 postgresql-9.6: object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:1600767 pg_user_mappings view discloses passwords to users lacking server privileges:An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords from the user mappi ... oval:org.secpod.oval:def:53112 Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7546 In some authentication methods empty passwords were accepted. CVE-2017-7547 User mappings could leak data to unprivileged users. CVE-2017-7548 The lo_put function ignored ACLs. For more in-depth descriptions of ... oval:org.secpod.oval:def:113099 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ... oval:org.secpod.oval:def:113066 MinGW Windows copy of PostgreSQL. PostgreSQL is an advanced Object-Relational database management system . oval:org.secpod.oval:def:113056 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ... oval:org.secpod.oval:def:51871 postgresql-9.6: object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:603045 Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7546 In some authentication methods empty passwords were accepted. CVE-2017-7547 User mappings could leak data to unprivileged users. CVE-2017-7548 The lo_put function ignored ACLs. For more in-depth descriptions of ... oval:org.secpod.oval:def:603041 Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7546 In some authentication methods empty passwords were accepted. CVE-2017-7547 User mappings could leak data to unprivileged users. CVE-2017-7548 The lo_put function ignored ACLs. For more in-depth descriptions of ... |