DSA-3851-1 postgresql-9.4 -- postgresql-9.4
ID: oval:org.secpod.oval:def:602879 | Date: (C)2017-05-17 (M)2023-02-06 |
Class: PATCH | Family: unix |
Several vulnerabilities have been found in the PostgreSQL database system:

CVE-2017-7484: Robert Haas discovered that some selectivity estimators did not validate user privileges, which could result in information disclosure.

CVE-2017-7485: Daniel Gustafsson discovered that the PGREQUIRESSL environment variable no longer enforced a TLS connection.

CVE-2017-7486: Andrew Wheelwright discovered that user mappings were insufficiently restricted.