csaf_suse - suse-su-2017:1690-1

suse-su-2017:1690-1

Vulnerability from csaf_suse

Published

2017-06-26 11:21

Modified

2017-06-26 11:21

Summary

Security update for postgresql94

Notes

Title of the patch

Security update for postgresql94

Description of the patch

This update for postgresql94 to 9.4.12 fixes the following issues: Upstream changelogs: - https://www.postgresql.org/docs/9.4/static/release-9-4-12.html - https://www.postgresql.org/docs/9.4/static/release-9-4-11.html - https://www.postgresql.org/docs/9.4/static/release-9-4-10.html Security issues fixed: * CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) Please note that manual action is needed to fix this in existing databases See the upstream release notes for details. * CVE-2017-7485: recognize PGREQUIRESSL variable again. (bsc#1038293) * CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) Changes in version 9.4.12: * Build corruption with CREATE INDEX CONCURRENTLY * Fixes for visibility and write-ahead-log stability Changes in version 9.4.10: * Fix WAL-logging of truncation of relation free space maps and visibility maps * Fix incorrect creation of GIN index WAL records on big-endian machines * Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that have been updated by a subsequently-aborted transaction * Fix EvalPlanQual rechecks involving CTE scans * Fix improper repetition of previous results from hashed aggregation in a subquery The libraries libpq and libecpg are now supplied by postgresql 9.6.

Patchnames

SUSE-SLE-DESKTOP-12-SP2-2017-1039,SUSE-SLE-RPI-12-SP2-2017-1039,SUSE-SLE-SDK-12-SP2-2017-1039,SUSE-SLE-SERVER-12-SP2-2017-1039

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for postgresql94",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for postgresql94 to 9.4.12 fixes the following issues:\n\nUpstream changelogs:\n\n- https://www.postgresql.org/docs/9.4/static/release-9-4-12.html\n- https://www.postgresql.org/docs/9.4/static/release-9-4-11.html\n- https://www.postgresql.org/docs/9.4/static/release-9-4-10.html\n\nSecurity issues fixed:\n\n* CVE-2017-7486: Restrict visibility of\n  pg_user_mappings.umoptions, to protect passwords stored as\n  user mapping options. (bsc#1037624)\n\n  Please note that manual action is needed to fix this in existing databases\n  See the upstream release notes for details.\n* CVE-2017-7485: recognize PGREQUIRESSL variable\n  again. (bsc#1038293)\n* CVE-2017-7484: Prevent exposure of statistical\n  information via leaky operators. (bsc#1037603)\n\nChanges in version 9.4.12:\n\n* Build corruption with CREATE INDEX CONCURRENTLY\n* Fixes for visibility and write-ahead-log stability\n\nChanges in version 9.4.10:\n\n* Fix WAL-logging of truncation of relation free space maps and\n  visibility maps\n* Fix incorrect creation of GIN index WAL records on big-endian\n  machines\n* Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that have\n  been updated by a subsequently-aborted transaction\n* Fix EvalPlanQual rechecks involving CTE scans\n* Fix improper repetition of previous results from hashed\n  aggregation in a subquery\n\nThe libraries libpq and libecpg are now supplied by postgresql 9.6.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-DESKTOP-12-SP2-2017-1039,SUSE-SLE-RPI-12-SP2-2017-1039,SUSE-SLE-SDK-12-SP2-2017-1039,SUSE-SLE-SERVER-12-SP2-2017-1039",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_1690-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:1690-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171690-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:1690-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-June/002981.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1037603",
        "url": "https://bugzilla.suse.com/1037603"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1037624",
        "url": "https://bugzilla.suse.com/1037624"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1038293",
        "url": "https://bugzilla.suse.com/1038293"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7484 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7484/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7485 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7485/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7486 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7486/"
      }
    ],
    "title": "Security update for postgresql94",
    "tracking": {
      "current_release_date": "2017-06-26T11:21:37Z",
      "generator": {
        "date": "2017-06-26T11:21:37Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:1690-1",
      "initial_release_date": "2017-06-26T11:21:37Z",
      "revision_history": [
        {
          "date": "2017-06-26T11:21:37Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "postgresql94-9.4.12-20.1.aarch64",
                "product": {
                  "name": "postgresql94-9.4.12-20.1.aarch64",
                  "product_id": "postgresql94-9.4.12-20.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql94-contrib-9.4.12-20.1.aarch64",
                "product": {
                  "name": "postgresql94-contrib-9.4.12-20.1.aarch64",
                  "product_id": "postgresql94-contrib-9.4.12-20.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql94-server-9.4.12-20.1.aarch64",
                "product": {
                  "name": "postgresql94-server-9.4.12-20.1.aarch64",
                  "product_id": "postgresql94-server-9.4.12-20.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql94-devel-9.4.12-20.1.aarch64",
                "product": {
                  "name": "postgresql94-devel-9.4.12-20.1.aarch64",
                  "product_id": "postgresql94-devel-9.4.12-20.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "postgresql94-docs-9.4.12-20.1.noarch",
                "product": {
                  "name": "postgresql94-docs-9.4.12-20.1.noarch",
                  "product_id": "postgresql94-docs-9.4.12-20.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "postgresql94-devel-9.4.12-20.1.ppc64le",
                "product": {
                  "name": "postgresql94-devel-9.4.12-20.1.ppc64le",
                  "product_id": "postgresql94-devel-9.4.12-20.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql94-9.4.12-20.1.ppc64le",
                "product": {
                  "name": "postgresql94-9.4.12-20.1.ppc64le",
                  "product_id": "postgresql94-9.4.12-20.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql94-contrib-9.4.12-20.1.ppc64le",
                "product": {
                  "name": "postgresql94-contrib-9.4.12-20.1.ppc64le",
                  "product_id": "postgresql94-contrib-9.4.12-20.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql94-server-9.4.12-20.1.ppc64le",
                "product": {
                  "name": "postgresql94-server-9.4.12-20.1.ppc64le",
                  "product_id": "postgresql94-server-9.4.12-20.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "postgresql94-devel-9.4.12-20.1.s390x",
                "product": {
                  "name": "postgresql94-devel-9.4.12-20.1.s390x",
                  "product_id": "postgresql94-devel-9.4.12-20.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql94-9.4.12-20.1.s390x",
                "product": {
                  "name": "postgresql94-9.4.12-20.1.s390x",
                  "product_id": "postgresql94-9.4.12-20.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql94-contrib-9.4.12-20.1.s390x",
                "product": {
                  "name": "postgresql94-contrib-9.4.12-20.1.s390x",
                  "product_id": "postgresql94-contrib-9.4.12-20.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql94-server-9.4.12-20.1.s390x",
                "product": {
                  "name": "postgresql94-server-9.4.12-20.1.s390x",
                  "product_id": "postgresql94-server-9.4.12-20.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "postgresql94-9.4.12-20.1.x86_64",
                "product": {
                  "name": "postgresql94-9.4.12-20.1.x86_64",
                  "product_id": "postgresql94-9.4.12-20.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql94-devel-9.4.12-20.1.x86_64",
                "product": {
                  "name": "postgresql94-devel-9.4.12-20.1.x86_64",
                  "product_id": "postgresql94-devel-9.4.12-20.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql94-contrib-9.4.12-20.1.x86_64",
                "product": {
                  "name": "postgresql94-contrib-9.4.12-20.1.x86_64",
                  "product_id": "postgresql94-contrib-9.4.12-20.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql94-server-9.4.12-20.1.x86_64",
                "product": {
                  "name": "postgresql94-server-9.4.12-20.1.x86_64",
                  "product_id": "postgresql94-server-9.4.12-20.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP2",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-sdk:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-9.4.12-20.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP2:postgresql94-9.4.12-20.1.x86_64"
        },
        "product_reference": "postgresql94-9.4.12-20.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-9.4.12-20.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-9.4.12-20.1.aarch64"
        },
        "product_reference": "postgresql94-9.4.12-20.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-contrib-9.4.12-20.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64"
        },
        "product_reference": "postgresql94-contrib-9.4.12-20.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-docs-9.4.12-20.1.noarch as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-docs-9.4.12-20.1.noarch"
        },
        "product_reference": "postgresql94-docs-9.4.12-20.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-server-9.4.12-20.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-server-9.4.12-20.1.aarch64"
        },
        "product_reference": "postgresql94-server-9.4.12-20.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-devel-9.4.12-20.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.aarch64"
        },
        "product_reference": "postgresql94-devel-9.4.12-20.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-devel-9.4.12-20.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.ppc64le"
        },
        "product_reference": "postgresql94-devel-9.4.12-20.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-devel-9.4.12-20.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.s390x"
        },
        "product_reference": "postgresql94-devel-9.4.12-20.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-devel-9.4.12-20.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.x86_64"
        },
        "product_reference": "postgresql94-devel-9.4.12-20.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-9.4.12-20.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.aarch64"
        },
        "product_reference": "postgresql94-9.4.12-20.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-9.4.12-20.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.ppc64le"
        },
        "product_reference": "postgresql94-9.4.12-20.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-9.4.12-20.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.s390x"
        },
        "product_reference": "postgresql94-9.4.12-20.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-9.4.12-20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.x86_64"
        },
        "product_reference": "postgresql94-9.4.12-20.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-contrib-9.4.12-20.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64"
        },
        "product_reference": "postgresql94-contrib-9.4.12-20.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-contrib-9.4.12-20.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le"
        },
        "product_reference": "postgresql94-contrib-9.4.12-20.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-contrib-9.4.12-20.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x"
        },
        "product_reference": "postgresql94-contrib-9.4.12-20.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-contrib-9.4.12-20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64"
        },
        "product_reference": "postgresql94-contrib-9.4.12-20.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-docs-9.4.12-20.1.noarch as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:postgresql94-docs-9.4.12-20.1.noarch"
        },
        "product_reference": "postgresql94-docs-9.4.12-20.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-server-9.4.12-20.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.aarch64"
        },
        "product_reference": "postgresql94-server-9.4.12-20.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-server-9.4.12-20.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le"
        },
        "product_reference": "postgresql94-server-9.4.12-20.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-server-9.4.12-20.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.s390x"
        },
        "product_reference": "postgresql94-server-9.4.12-20.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-server-9.4.12-20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.x86_64"
        },
        "product_reference": "postgresql94-server-9.4.12-20.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-9.4.12-20.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.aarch64"
        },
        "product_reference": "postgresql94-9.4.12-20.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-9.4.12-20.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.ppc64le"
        },
        "product_reference": "postgresql94-9.4.12-20.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-9.4.12-20.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.s390x"
        },
        "product_reference": "postgresql94-9.4.12-20.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-9.4.12-20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.x86_64"
        },
        "product_reference": "postgresql94-9.4.12-20.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-contrib-9.4.12-20.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64"
        },
        "product_reference": "postgresql94-contrib-9.4.12-20.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-contrib-9.4.12-20.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le"
        },
        "product_reference": "postgresql94-contrib-9.4.12-20.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-contrib-9.4.12-20.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x"
        },
        "product_reference": "postgresql94-contrib-9.4.12-20.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-contrib-9.4.12-20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64"
        },
        "product_reference": "postgresql94-contrib-9.4.12-20.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-docs-9.4.12-20.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-docs-9.4.12-20.1.noarch"
        },
        "product_reference": "postgresql94-docs-9.4.12-20.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-server-9.4.12-20.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.aarch64"
        },
        "product_reference": "postgresql94-server-9.4.12-20.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-server-9.4.12-20.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le"
        },
        "product_reference": "postgresql94-server-9.4.12-20.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-server-9.4.12-20.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.s390x"
        },
        "product_reference": "postgresql94-server-9.4.12-20.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql94-server-9.4.12-20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.x86_64"
        },
        "product_reference": "postgresql94-server-9.4.12-20.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-7484",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7484"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP2:postgresql94-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7484",
          "url": "https://www.suse.com/security/cve/CVE-2017-7484"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1037603 for CVE-2017-7484",
          "url": "https://bugzilla.suse.com/1037603"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1051015 for CVE-2017-7484",
          "url": "https://bugzilla.suse.com/1051015"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP2:postgresql94-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP2:postgresql94-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-26T11:21:37Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-7484"
    },
    {
      "cve": "CVE-2017-7485",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7485"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP2:postgresql94-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7485",
          "url": "https://www.suse.com/security/cve/CVE-2017-7485"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1038293 for CVE-2017-7485",
          "url": "https://bugzilla.suse.com/1038293"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1051015 for CVE-2017-7485",
          "url": "https://bugzilla.suse.com/1051015"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP2:postgresql94-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP2:postgresql94-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-26T11:21:37Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-7485"
    },
    {
      "cve": "CVE-2017-7486",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7486"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP2:postgresql94-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7486",
          "url": "https://www.suse.com/security/cve/CVE-2017-7486"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1037624 for CVE-2017-7486",
          "url": "https://bugzilla.suse.com/1037624"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1051015 for CVE-2017-7486",
          "url": "https://bugzilla.suse.com/1051015"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1051685 for CVE-2017-7486",
          "url": "https://bugzilla.suse.com/1051685"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP2:postgresql94-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP2:postgresql94-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:postgresql94-server-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-contrib-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-docs-9.4.12-20.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:postgresql94-server-9.4.12-20.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP2:postgresql94-devel-9.4.12-20.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-26T11:21:37Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-7486"
    }
  ]
}

CVE-2017-7485 (GCVE-0-2017-7485)

Vulnerability from cvelistv5

Published

2017-05-12 19:00

Modified

2024-08-05 16:04

Severity ?

CWE

CWE-390

Summary

In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.

References

►

URL

Tags

	http://www.securitytracker.com/id/1038476	vdb-entry, x_refsource_SECTRACK
	http://www.debian.org/security/2017/dsa-3851	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:2425	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1678	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1677	vendor-advisory, x_refsource_REDHAT
	https://www.postgresql.org/about/news/1746/	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:1838	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/98461	vdb-entry, x_refsource_BID
	https://security.gentoo.org/glsa/201710-06	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	The PostgreSQL Global Development Group	PostgreSQL	Version: 9.3 - 9.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038476",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038476"
          },
          {
            "name": "DSA-3851",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3851"
          },
          {
            "name": "RHSA-2017:2425",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2425"
          },
          {
            "name": "RHSA-2017:1678",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1678"
          },
          {
            "name": "RHSA-2017:1677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1677"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.postgresql.org/about/news/1746/"
          },
          {
            "name": "RHSA-2017:1838",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1838"
          },
          {
            "name": "98461",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98461"
          },
          {
            "name": "GLSA-201710-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-06"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PostgreSQL",
          "vendor": "The PostgreSQL Global Development Group",
          "versions": [
            {
              "status": "affected",
              "version": "9.3 - 9.6"
            }
          ]
        }
      ],
      "datePublic": "2017-05-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "1038476",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038476"
        },
        {
          "name": "DSA-3851",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3851"
        },
        {
          "name": "RHSA-2017:2425",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2425"
        },
        {
          "name": "RHSA-2017:1678",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1678"
        },
        {
          "name": "RHSA-2017:1677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1677"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.postgresql.org/about/news/1746/"
        },
        {
          "name": "RHSA-2017:1838",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1838"
        },
        {
          "name": "98461",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98461"
        },
        {
          "name": "GLSA-201710-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-06"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2017-7485",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PostgreSQL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.3 - 9.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The PostgreSQL Global Development Group"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-390"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038476",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038476"
            },
            {
              "name": "DSA-3851",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3851"
            },
            {
              "name": "RHSA-2017:2425",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2425"
            },
            {
              "name": "RHSA-2017:1678",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1678"
            },
            {
              "name": "RHSA-2017:1677",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1677"
            },
            {
              "name": "https://www.postgresql.org/about/news/1746/",
              "refsource": "CONFIRM",
              "url": "https://www.postgresql.org/about/news/1746/"
            },
            {
              "name": "RHSA-2017:1838",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1838"
            },
            {
              "name": "98461",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98461"
            },
            {
              "name": "GLSA-201710-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-06"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-7485",
    "datePublished": "2017-05-12T19:00:00",
    "dateReserved": "2017-04-05T00:00:00",
    "dateUpdated": "2024-08-05T16:04:11.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-7484 (GCVE-0-2017-7484)

Vulnerability from cvelistv5

Published

2017-05-12 19:00

Modified

2024-08-05 16:04

Severity ?

CWE

CWE-285

Summary

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.

References

►

URL

Tags

	http://www.securitytracker.com/id/1038476	vdb-entry, x_refsource_SECTRACK
	http://www.debian.org/security/2017/dsa-3851	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:2425	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1678	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1677	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1983	vendor-advisory, x_refsource_REDHAT
	https://www.postgresql.org/about/news/1746/	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:1838	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/98459	vdb-entry, x_refsource_BID
	https://security.gentoo.org/glsa/201710-06	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	The PostgreSQL Global Development Group	PostgreSQL	Version: 9.2 - 9.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.415Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038476",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038476"
          },
          {
            "name": "DSA-3851",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3851"
          },
          {
            "name": "RHSA-2017:2425",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2425"
          },
          {
            "name": "RHSA-2017:1678",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1678"
          },
          {
            "name": "RHSA-2017:1677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1677"
          },
          {
            "name": "RHSA-2017:1983",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1983"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.postgresql.org/about/news/1746/"
          },
          {
            "name": "RHSA-2017:1838",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1838"
          },
          {
            "name": "98459",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98459"
          },
          {
            "name": "GLSA-201710-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-06"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PostgreSQL",
          "vendor": "The PostgreSQL Global Development Group",
          "versions": [
            {
              "status": "affected",
              "version": "9.2 - 9.6"
            }
          ]
        }
      ],
      "datePublic": "2017-05-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "1038476",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038476"
        },
        {
          "name": "DSA-3851",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3851"
        },
        {
          "name": "RHSA-2017:2425",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2425"
        },
        {
          "name": "RHSA-2017:1678",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1678"
        },
        {
          "name": "RHSA-2017:1677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1677"
        },
        {
          "name": "RHSA-2017:1983",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1983"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.postgresql.org/about/news/1746/"
        },
        {
          "name": "RHSA-2017:1838",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1838"
        },
        {
          "name": "98459",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98459"
        },
        {
          "name": "GLSA-201710-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-06"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2017-7484",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PostgreSQL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.2 - 9.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The PostgreSQL Global Development Group"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-285"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038476",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038476"
            },
            {
              "name": "DSA-3851",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3851"
            },
            {
              "name": "RHSA-2017:2425",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2425"
            },
            {
              "name": "RHSA-2017:1678",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1678"
            },
            {
              "name": "RHSA-2017:1677",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1677"
            },
            {
              "name": "RHSA-2017:1983",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1983"
            },
            {
              "name": "https://www.postgresql.org/about/news/1746/",
              "refsource": "CONFIRM",
              "url": "https://www.postgresql.org/about/news/1746/"
            },
            {
              "name": "RHSA-2017:1838",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1838"
            },
            {
              "name": "98459",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98459"
            },
            {
              "name": "GLSA-201710-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-06"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-7484",
    "datePublished": "2017-05-12T19:00:00",
    "dateReserved": "2017-04-05T00:00:00",
    "dateUpdated": "2024-08-05T16:04:11.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-7486 (GCVE-0-2017-7486)

Vulnerability from cvelistv5

Published

2017-05-12 19:00

Modified

2024-08-05 16:04

Severity ?

CWE

CWE-522

Summary

PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

References

►

URL

Tags

	http://www.securitytracker.com/id/1038476	vdb-entry, x_refsource_SECTRACK
	http://www.debian.org/security/2017/dsa-3851	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:2425	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1678	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1677	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1983	vendor-advisory, x_refsource_REDHAT
	https://www.postgresql.org/about/news/1746/	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:1838	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/98460	vdb-entry, x_refsource_BID
	https://security.gentoo.org/glsa/201710-06	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	The PostgreSQL Global Development Group	PostgreSQL	Version: 8.4 - 9.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.547Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038476",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038476"
          },
          {
            "name": "DSA-3851",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3851"
          },
          {
            "name": "RHSA-2017:2425",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2425"
          },
          {
            "name": "RHSA-2017:1678",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1678"
          },
          {
            "name": "RHSA-2017:1677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1677"
          },
          {
            "name": "RHSA-2017:1983",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1983"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.postgresql.org/about/news/1746/"
          },
          {
            "name": "RHSA-2017:1838",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1838"
          },
          {
            "name": "98460",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98460"
          },
          {
            "name": "GLSA-201710-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-06"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PostgreSQL",
          "vendor": "The PostgreSQL Global Development Group",
          "versions": [
            {
              "status": "affected",
              "version": "8.4 - 9.6"
            }
          ]
        }
      ],
      "datePublic": "2017-05-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "1038476",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038476"
        },
        {
          "name": "DSA-3851",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3851"
        },
        {
          "name": "RHSA-2017:2425",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2425"
        },
        {
          "name": "RHSA-2017:1678",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1678"
        },
        {
          "name": "RHSA-2017:1677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1677"
        },
        {
          "name": "RHSA-2017:1983",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1983"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.postgresql.org/about/news/1746/"
        },
        {
          "name": "RHSA-2017:1838",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1838"
        },
        {
          "name": "98460",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98460"
        },
        {
          "name": "GLSA-201710-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-06"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2017-7486",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PostgreSQL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.4 - 9.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The PostgreSQL Global Development Group"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038476",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038476"
            },
            {
              "name": "DSA-3851",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3851"
            },
            {
              "name": "RHSA-2017:2425",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2425"
            },
            {
              "name": "RHSA-2017:1678",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1678"
            },
            {
              "name": "RHSA-2017:1677",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1677"
            },
            {
              "name": "RHSA-2017:1983",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1983"
            },
            {
              "name": "https://www.postgresql.org/about/news/1746/",
              "refsource": "CONFIRM",
              "url": "https://www.postgresql.org/about/news/1746/"
            },
            {
              "name": "RHSA-2017:1838",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1838"
            },
            {
              "name": "98460",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98460"
            },
            {
              "name": "GLSA-201710-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-06"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-7486",
    "datePublished": "2017-05-12T19:00:00",
    "dateReserved": "2017-04-05T00:00:00",
    "dateUpdated": "2024-08-05T16:04:11.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2017:1690-1

Vulnerability from csaf_suse

CVE-2017-7485 (GCVE-0-2017-7485)

Vulnerability from cvelistv5

CVE-2017-7484 (GCVE-0-2017-7484)

Vulnerability from cvelistv5

CVE-2017-7486 (GCVE-0-2017-7486)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature