Debian Security Advisory
DSA-3935-1 postgresql-9.4 -- security update
- Date Reported:
- 10 Aug 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-7546, CVE-2017-7547, CVE-2017-7548.
- More information:
Several vulnerabilities have been found in the PostgreSQL database system:
In some authentication methods empty passwords were accepted.
User mappings could leak data to unprivileged users.
The lo_put() function ignored ACLs.
For more in-depth descriptions of the security vulnerabilities, please see https://www.postgresql.org/about/news/1772/
For the oldstable distribution (jessie), these problems have been fixed in version 9.4.13-0+deb8u1.
We recommend that you upgrade your postgresql-9.4 packages.