All errata/sisyphus/ALT-PU-2017-3641-1
ALT-PU-2017-3641-1

Package update postgresql9.6 in branch sisyphus

Version9.6.3-alt1
Task#182727
Published2017-05-10
Max severityHIGH
Severity:

Closed issues (4)

BDU:2019-03334
HIGH7.5

Уязвимость системы управления базами данных PostgreSQL, связанная с отсутствием проверки привилегии пользователя перед предоставлением информации из pg_statistic, позволяющая нарушителю получить доступ к конфиденциальным данным

Published: 2019-10-01Modified: 2025-11-06
CVSS 3.xHIGH 7.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
References
BDU:2019-04174
MEDIUM5.9

Уязвимость библиотеки libpq системы управления базами данных PostgreSQL, позволяющая нарушителю реализовать атаку типа «человек посередине»

Published: 2019-11-25
CVSS 3.xMEDIUM 5.9
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.0MEDIUM 5.4
CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:C/A:N
References
CVE-2017-7484
HIGH7.5

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.

Published: 2017-05-12Modified: 2025-04-20
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References
CVE-2017-7485
MEDIUM5.9

In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.

Published: 2017-05-12Modified: 2025-04-20
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 3.xMEDIUM 5.9
CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
References