{"id":"MGASA-2017-0230","summary":"Updated postgresql9.4 packages fix security vulnerabilities","details":"Robert Haas discovered that some selectivity estimators did not validate user\nprivileges which could result in information disclosure (CVE-2017-7484).\n\nDaniel Gustafsson discovered that the PGREQUIRESSL environment variable did no\nlonger enforce a TLS connection (CVE-2017-7485).\n\nAndrew Wheelwright discovered that user mappings were insufficiently restricted\n(CVE-2017-7486).\n","modified":"2026-02-01T01:10:08.731532Z","published":"2017-07-30T15:58:51Z","related":["CVE-2017-7484","CVE-2017-7485","CVE-2017-7486"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0230.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20842"},{"type":"REPORT","url":"http://www.postgresql.org/docs/current/static/release-9-3-17.html"},{"type":"REPORT","url":"http://www.postgresql.org/docs/current/static/release-9-4-12.html"},{"type":"REPORT","url":"https://www.postgresql.org/about/news/1746/"}],"affected":[{"package":{"name":"postgresql9.3","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/postgresql9.3?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.3.17-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0230.json"}},{"package":{"name":"postgresql9.4","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/postgresql9.4?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.4.12-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0230.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}