Debian Security Advisory
DSA-3936-1 postgresql-9.6 -- security update
- Date Reported:
- 10 Aug 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-7546, CVE-2017-7547, CVE-2017-7548.
- More information:
Several vulnerabilities have been found in the PostgreSQL database system:
In some authentication methods empty passwords were accepted.
User mappings could leak data to unprivileged users.
The lo_put() function ignored ACLs.
For more in-depth descriptions of the security vulnerabilities, please see https://www.postgresql.org/about/news/1772/
For the stable distribution (stretch), these problems have been fixed in version 9.6.4-0+deb9u1.
We recommend that you upgrade your postgresql-9.6 packages.