Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for postgresql96

This update for postgresql96 fixes the following issues:

* CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685)
* CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684)
* CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259)

The changelog for this release is here:
https://www.postgresql.org/docs/9.6/static/release-9-6-4.html

This update was imported from the SUSE:SLE-12:Update update project.

Fixed bugs
bnc#1051684
VUL-0: CVE-2017-7546: postgresql,postgresql94,postgresql96: Empty password accepted in some authentication methods
bnc#1051685
VUL-0: CVE-2017-7547: postgresql,postgresql94,postgresql96: pg_user_mappings view discloses passwords to users lacking server privileges
bnc#1053259
VUL-0: CVE-2017-7548: postgresql94,postgresql96,postgresql,postgresql93: lo_put() function ignores ACLs
CVE-2017-7546
CVE-2017-7547
CVE-2017-7548
Selected Binaries
openSUSE Build Service is sponsored by
Places