You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa postgresql

Sigurnosni nedostaci programskog paketa postgresql

by ncert - 0

——————————————————————————–
Fedora Update Notification
FEDORA-2017-d9cac37bd8
2017-08-14 20:14:24.035723
——————————————————————————–

Name : postgresql
Product : Fedora 26
Version : 9.6.4
Release : 1.fc26
URL : http://www.postgresql.org/
Summary : PostgreSQL client programs
Description :
PostgreSQL is an advanced Object-Relational database management system (DBMS).
The base postgresql package contains the client programs that you’ll need to
access a PostgreSQL DBMS server, as well as HTML documentation for the whole
system. These client programs can be located on the same machine as the
PostgreSQL server, or on a remote machine that accesses a PostgreSQL server
over a network connection. The PostgreSQL server can be found in the
postgresql-server sub-package.

——————————————————————————–
Update Information:

rebase: update to 9.6.4, security fix for CVE-2017-7546 CVE-2017-7547
CVE-2017-7548 Per release notes:
https://www.postgresql.org/docs/9.6/static/release-9-6-4.html
——————————————————————————–
References:

[ 1 ] Bug #1477187 – CVE-2017-7548 postgresql: lo_put() function ignores ACLs
https://bugzilla.redhat.com/show_bug.cgi?id=1477187
[ 2 ] Bug #1477185 – CVE-2017-7547 postgresql: pg_user_mappings view discloses passwords to users lacking server privileges
https://bugzilla.redhat.com/show_bug.cgi?id=1477185
[ 3 ] Bug #1477184 – CVE-2017-7546 postgresql: Empty password accepted in some authentication methods
https://bugzilla.redhat.com/show_bug.cgi?id=1477184
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade postgresql’ at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

ncert
Top
More in Preporuke
Sigurnosni nedostatak jezgre operacijskog sustava

Otkriven je sigurnosni nedostatak jezgre operacijskog sustava Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje stjecanje uvećanih ovlasti. Savjetuje se ažuriranje izdanim...

Close