GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Sun Oct 08, 2017 6:26 pm Post subject: [ GLSA 201710-06 ] PostgreSQL
Gentoo Linux Security Advisory
Title: PostgreSQL: Multiple vulnerabilities (GLSA 201710-06)
Severity: normal
Exploitable: remote
Date: 2017-10-08
Bug(s): #618462, #627462
ID: 201710-06
Synopsis
Multiple vulnerabilities have been found in PostgreSQL, the worst
of which could result in privilege escalation.
Background
PostgreSQL is an open source object-relational database management
system.
Affected Packages
Package: dev-db/postgresql
Vulnerable: < 9.6.4
Unaffected: >= 9.6.4
Unaffected: >= 9.5.8
Unaffected: >= 9.4.13
Unaffected: >= 9.3.18
Unaffected: >= 9.2.22
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in PostgreSQL. Please
review the referenced CVE identifiers for details.
Impact
A remote attacker could escalate privileges, cause a Denial of Service
condition, obtain passwords, cause a loss in information, or obtain
sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All PostgreSQL 9.6.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.6.4"
All PostgreSQL 9.5.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.5.8"
All PostgreSQL 9.4.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.4.13"
All PostgreSQL 9.3.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.3.18"
All PostgreSQL 9.2.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.2.22"
References
CVE-2017-7484
CVE-2017-7485
CVE-2017-7486
CVE-2017-7546
CVE-2017-7547
CVE-2017-7548
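Added example, not part of the Gentoo advisory: a shell function that classifies a dev-db/postgresql version against the per-branch thresholds listed under Affected Packages. The function names and the sample version list are constructed here, and versions carrying suffixes such as _rc or _beta are reported as unknown for manual review.

```sh
#!/bin/sh
# Added example (not part of the advisory): classify a dev-db/postgresql
# version string against the thresholds listed under "Affected Packages".

# First fixed patch level for each 9.x branch, copied from the advisory.
fixed_patch_for_branch() {
    case "$1" in
        9.6) echo 4 ;;
        9.5) echo 8 ;;
        9.4) echo 13 ;;
        9.3) echo 18 ;;
        9.2) echo 22 ;;
        *)   return 1 ;;   # branch has no fixed release in this advisory
    esac
}

# Prints "unaffected", "vulnerable" or "unknown" for versions such as
# "9.5.7", "9.6.4-r1" or "10.0".
pg_glsa_status() {
    ver=${1%-r[0-9]*}      # a Gentoo revision (-r1) does not change the upstream version
    case "$ver" in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;  # _rc/_beta etc. need manual review
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver            # split on dots; $ver holds only digits and dots here
    IFS=$old_ifs
    major=$1 minor=${2:-0} patch=${3:-0}

    if [ "$major" -gt 9 ]; then
        echo unaffected    # newer than 9.6.4
    elif [ "$major" -lt 9 ]; then
        echo vulnerable    # below 9.6.4 and not in any unaffected range
    elif need=$(fixed_patch_for_branch "9.$minor"); then
        if [ "$patch" -ge "$need" ]; then echo unaffected; else echo vulnerable; fi
    elif [ "$minor" -gt 6 ]; then
        echo unaffected
    else
        echo vulnerable    # e.g. 9.1.x: below 9.6.4, no fixed release listed
    fi
}

# Constructed sample input; on a real host feed in the installed versions.
for v in 9.6.3 9.6.4-r1 9.5.7 9.4.13 9.2.21 9.1.24 10.0 9.6.4_rc1; do
    printf '%-12s %s\n' "$v" "$(pg_glsa_status "$v")"
done
```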