-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3936-1 security@xxxxxxxxxx https://www.debian.org/security/ Moritz Muehlenhoff August 10, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : postgresql-9.6 CVE ID : CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7546 In some authentication methods empty passwords were accepted. CVE-2017-7547 User mappings could leak data to unprivileged users. CVE-2017-7548 The lo_put() function ignored ACLs. For more in-depth descriptions of the security vulnerabilities, please see https://www.postgresql.org/about/news/1772/ For the stable distribution (stretch), these problems have been fixed in version 9.6.4-0+deb9u1. We recommend that you upgrade your postgresql-9.6 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlmMyu8ACgkQEMKTtsN8 TjY4TA//ZeCZDdLmLZE09WcDTwpsvcb6ZEdEj3jekMswPP6WHkZlnpVSX711Cyv0 veck/xojcIdGl6oki2/OM7ErJ3L7eteGLqswzWmsOk7lWSya5/EJCIV+DXGOhqnI ESSADLI+hLwoFqxGjYwbLfpyo7Mxpwfw42fRVVC++T2+7cG4BBsLJh++sOL/tIiD OEhVgK5NK+4r7E8ZpCcLW4BZBMPt6V31Pr0sXSa8gQ7D7LbNvI+v/L5cgZTL8Ewf WWf9NyWDgY06s+BvNxtNXwoeT9WTwigV3IFuwe5pmoRlwNdqGxIZBdUBd9tXDY1Y T6BrpHa0dyZVhNFL8TM8o8kOzZjpg5hiDzXDfeyGpOqEy6psdNll4kO66/XN0yoF LpQ60uMlmNso99vAuyY9S6/DoMRKVQifJT7epA8y0lF4T/YG0YN6nCeYwSsFQGOU gAhTgQIxxYnmu9pBDS7eFVijxBs7GfakGMF/VZ4VQ+1R3DGFncbyCVdJqiVUw9Db t7vym8cfUjaox9LuedGhXBdBxoy2cBdwvJ8BlAbHhmQ7O+mVrDbp1nqBN1bQaZo8 mWdaLdNM2PxVW5RGGYjSLdE7VgtCDEacTxiea1S4Q/ZvnoPV7qwvwo9a5RoaB+v3 5hd9SDcBvhrTNHDr8tRhr+yHMVjQZ8tvfMlR8WmLK7xM2Pnsdpo= =mzAD -----END PGP SIGNATURE-----