Scientific Linux Security Update : postgresql on SL7.x x86_64
Medium Nessus Plugin ID 102653
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionThe following packages have been upgraded to a later upstream version:
Security Fix(es) :
- It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484)
- It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. (CVE-2017-7486)
SolutionUpdate the affected packages.