FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

PostgreSQL vulnerabilities

Affected packages
9.2.0	<=	postgresql92-client	<	9.2.20
9.3.0	<=	postgresql93-client	<	9.3.16
9.4.0	<=	postgresql94-client	<	9.4.11
9.5.0	<=	postgresql95-client	<	9.5.6
9.6.0	<=	postgresql96-client	<	9.6.2
9.2.0	<=	postgresql92-server	<	9.2.20
9.3.0	<=	postgresql93-server	<	9.3.16
9.4.0	<=	postgresql94-server	<	9.4.11
9.5.0	<=	postgresql95-server	<	9.5.6
9.6.0	<=	postgresql96-server	<	9.6.2

Details

VuXML ID	414c18bf-3653-11e7-9550-6cc21735f730
Discovery	2017-05-11
Entry	2017-05-11

The PostgreSQL project reports:

Security Fixes nested CASE expressions + database and role names with embedded special characters

CVE-2017-7484: selectivity estimators bypass SELECT privilege checks.

CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable

CVE-2017-7486: pg_user_mappings view discloses foreign server passwords. This applies to new databases, see the release notes for the procedure to apply the fix to an existing database.

[source]

References

CVE Name	CVE-2016-5423
CVE Name	CVE-2016-5424