Gentoo Linux Security Advisory 201710-6 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in privilege escalation. Versions less than 9.6.4 are affected.
165974e03a3e00d2c81ef01f248a41fb00e38c546ce5bffa02f387a6a880db6aRed Hat Security Advisory 2017-2860-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords.
6d56e55b488b26d17886c954bb94e94e3b3af4cd7d29690997652965cf565de0Red Hat Security Advisory 2017-2728-01 - PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: postgresql. Security Fix: It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords.
4cd3c8541c4de30baa9269f69b84b7120b92899f2bb4fcce29e4e3c2490ef675Red Hat Security Advisory 2017-2678-01 - PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: rh-postgresql94-postgresql. Security Fix: It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords.
0138deab8c975074c0ee10d06401040f468bff9128764b5dd85c21209244811bRed Hat Security Advisory 2017-2677-01 - PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: rh-postgresql95-postgresql. Security Fix: It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords.
d6c03c3642ffe16040394c58a9c561fac4990d27509e6c49ad072962f56dc742Ubuntu Security Notice 3390-1 - Ben de Graaff, Jelte Fennema, and Jeroen van der Ham discovered that PostgreSQL allowed the use of empty passwords in some authentication methods, contrary to expected behaviour. A remote attacker could use an empty password to authenticate to servers that were believed to have password login disabled. Jeff Janes discovered that PostgreSQL incorrectly handled the pg_user_mappings catalog view. A remote attacker without server privileges could possibly use this issue to obtain certain passwords. Various other issues were also addressed.
e33b896562bb08b943ad04c8e6674cec8bbae25b2a12d57296df56fa1279b924Debian Linux Security Advisory 3936-1 - Several vulnerabilities have been found in the PostgreSQL database system.
66c7a3b7cf22b115bb7384ea9597bc3a5ab8a2d482919832a30e6177465ccf24Debian Linux Security Advisory 3935-1 - Several vulnerabilities have been found in the PostgreSQL database system.
ff488fd435e41ef6c9824f010c3d622d766fb2160300338efb121d8498ad2660
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed