Alpine: postgresql: security update to 9.6.2-r4 (deprecated)

high Tenable Cloud Security Plugin ID 400868

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17,
9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before
providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use
this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484)

- In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was
found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a
PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS
protection from a connection between a client and a server. (CVE-2017-7485)

See Also

https://git.alpinelinux.org/aports/commit/?id=02d4386ee32c954ca299bd440c0fc0a72b5c422e

https://git.alpinelinux.org/aports/commit/?id=d116ac43af74d2460e4d17ca1a9d175b24467cb8

Plugin Details

Severity: High

ID: 400868

Version: Revision 1.23

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2017-7484

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 6/1/2017

Vulnerability Publication Date: 5/11/2017

Reference Information

CVE: CVE-2017-7484, CVE-2017-7485

BID: 98459, 98461

IAVB: 2017-B-0056-S