Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7484 Robert Haas discovered that some selectivity estimators did not validate user privileges which could result in information disclosure. CVE-2017-7485 Daniel Gustafsson discovered that the PGREQUIRESSL environment variable did no longer enforce a TLS connection. CVE-2017-7486 Andrew Wheelwright discovered that user mappings were insufficiently restricted. For the stable distribution (jessie), these problems have been fixed in version 9.4.12-0+deb8u1. We recommend that you upgrade your postgresql-9.4 packages.
Several vulnerabilities have been found in the PostgreSQL database system:
Robert Haas discovered that some selectivity estimators did not validate user privileges which could result in information disclosure.
Daniel Gustafsson discovered that the PGREQUIRESSL environment variable did no longer enforce a TLS connection.
Andrew Wheelwright discovered that user mappings were insufficiently restricted.
For the stable distribution (jessie), these problems have been fixed in version 9.4.12-0+deb8u1.
We recommend that you upgrade your postgresql-9.4 packages.
Vulmon