File _patchinfo of Package patchinfo.5422

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.5422

<patchinfo incident="5422">
  <issue id="1051684" tracker="bnc">VUL-0: CVE-2017-7546: postgresql,postgresql94,postgresql96: Empty password accepted in some authentication methods</issue>
  <issue id="1051685" tracker="bnc">VUL-0: CVE-2017-7547: postgresql,postgresql94,postgresql96: pg_user_mappings view discloses passwords to users lacking server privileges</issue>
  <issue id="1053259" tracker="bnc">VUL-0: CVE-2017-7548: postgresql94,postgresql96,postgresql,postgresql93: lo_put() function ignores ACLs</issue>
  <issue id="2017-7546" tracker="cve" />
  <issue id="2017-7547" tracker="cve" />
  <issue id="2017-7548" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>rmax</packager>
  <description>This update for postgresql94 fixes the following issues:

* CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685)
* CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684)
* CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259)

</description>
  <summary>Security update for postgresql94</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.5422

Places