Alpine: postgresql: security update to 9.5.8-r0

critical Tenable Cloud Security Plugin ID 406493

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect
authentication flaw allowing remote attackers to gain access to database accounts with an empty password.
(CVE-2017-7546)

- PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw
allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the
foreign server owners without actually having the privileges to do so. (CVE-2017-7547)

- PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote
authenticated attackers with no privileges on a large object to overwrite the entire contents of the
object, resulting in a denial of service. (CVE-2017-7548)

See Also

https://security.alpinelinux.org/vuln/CVE-2017-7546

https://security.alpinelinux.org/vuln/CVE-2017-7547

https://security.alpinelinux.org/vuln/CVE-2017-7548

Plugin Details

Severity: Critical

ID: 406493

Version: Revision 1.31

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-7546

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/10/2017

Reference Information

CVE: CVE-2017-7546, CVE-2017-7547, CVE-2017-7548

BID: 100275, 100276, 100278

IAVB: 2017-B-0107-S