Scientific Linux Security Update : postgresql on SL7.x x86_64

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

The following packages have been upgraded to a later upstream version:
postgresql (9.2.21).

Security Fix(es) :

- It was found that some selectivity estimation functions
did not check user privileges before providing
information from pg_statistic, possibly leaking
information. A non-administrative database user could
use this flaw to steal some information from tables they
are otherwise not allowed to access. (CVE-2017-7484)

- It was found that the pg_user_mappings view could
disclose information about user mappings to a foreign
database to non-administrative database users. A
database user with USAGE privilege for this mapping
could, when querying the view, obtain user mapping data,
such as the username and password used to connect to the
foreign database. (CVE-2017-7486)

See also :

http://www.nessus.org/u?5a2a0dde

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 102653

CVE ID: CVE-2017-7484, CVE-2017-7486
