Security update for postgresql94
This update for postgresql94 fixes the following issues:
* CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685)
* CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684)
* CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259)
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Reinhard Max (rmax)
Fixed bugs
bnc#1051684
VUL-0: CVE-2017-7546: postgresql,postgresql94,postgresql96: Empty password accepted in some authentication methods
bnc#1051685
VUL-0: CVE-2017-7547: postgresql,postgresql94,postgresql96: pg_user_mappings view discloses passwords to users lacking server privileges
bnc#1053259
VUL-0: CVE-2017-7548: postgresql94,postgresql96,postgresql,postgresql93: lo_put() function ignores ACLs
