openSUSE Security Update : postgresql96 (openSUSE-2017-1021)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for postgresql96 fixes the following issues :

- CVE-2017-7547: Further restrict visibility of
pg_user_mappings.umoptions, to protect passwords stored
as user mapping options. (bsc#1051685)

- CVE-2017-7546: Disallow empty passwords in all
password-based authentication methods. (bsc#1051684)

- CVE-2017-7548: lo_put() function ignores ACLs.
(bsc#1053259)

The changelog for this release is here:
	https://www.postgresql.org/docs/9.6/static/release-9-6-4.html

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1051684
https://bugzilla.opensuse.org/show_bug.cgi?id=1051685
https://bugzilla.opensuse.org/show_bug.cgi?id=1053259
https://www.postgresql.org/docs/9.6/static/release-9-6-4.html

Solution :

Update the affected postgresql96 packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 103157 ()

Bugtraq ID:

CVE ID: CVE-2017-7546
CVE-2017-7547
CVE-2017-7548

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now