Bug 1037624 - (CVE-2017-7486) VUL-0: CVE-2017-7486: postgresql: pg_user_mappings view discloses foreign server passwords
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
CVSSv2:SUSE:CVE-2017-7486:3.5:(AV:N/A...
Reported: 2017-05-04 14:46 UTC by Marcus Meissner
Modified: 2018-11-07 16:25 UTC (History)

Attachments
postgresql-CVE-2017-7486.patch (7.04 KB, patch)
2017-05-29 11:26 UTC, Marcus Meissner

Comment 3 Marcus Meissner 2017-05-11 14:42:59 UTC
is public now

https://www.postgresql.org/about/news/1746/

CVE-2017-7486: pg_user_mappings view discloses foreign server passwords
Comment 5 Bernhard Wiedemann 2017-05-17 06:01:46 UTC
This is an autogenerated message for OBS integration:
This bug (1037624) was mentioned in
https://build.opensuse.org/request/show/495375 Factory / postgresql95
Comment 6 Marcus Meissner 2017-05-29 11:26:18 UTC
Created attachment 726788 [details]
postgresql-CVE-2017-7486.patch

extract from git master of postgresql.

the only commit associated with CVE-2017-7486.

It also embeds testcase changes.
Comment 7 Swamp Workflow Management 2017-05-30 16:10:14 UTC
SUSE-SU-2017:1441-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1029547,1037603,1037624,1038293
CVE References: CVE-2017-7484,CVE-2017-7485,CVE-2017-7486
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    postgresql93-9.3.17-24.2
SUSE Linux Enterprise Server 12-LTSS (src):    postgresql93-9.3.17-24.2
Comment 8 Swamp Workflow Management 2017-06-06 22:08:44 UTC
openSUSE-SU-2017:1495-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1037603,1037624,1038293
CVE References: CVE-2017-7484,CVE-2017-7485,CVE-2017-7486
Sources used:
openSUSE Leap 42.2 (src):    postgresql93-9.3.17-5.9.1, postgresql93-libs-9.3.17-5.9.1
Comment 10 Swamp Workflow Management 2017-06-26 16:12:17 UTC
SUSE-SU-2017:1690-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1037603,1037624,1038293
CVE References: CVE-2017-7484,CVE-2017-7485,CVE-2017-7486
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    postgresql94-libs-9.4.12-20.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    postgresql94-9.4.12-20.1
SUSE Linux Enterprise Server 12-SP2 (src):    postgresql94-9.4.12-20.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    postgresql94-9.4.12-20.1
Comment 11 Swamp Workflow Management 2017-07-04 19:14:40 UTC
openSUSE-SU-2017:1772-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1037603,1037624,1038293
CVE References: CVE-2017-7484,CVE-2017-7485,CVE-2017-7486
Sources used:
openSUSE Leap 42.2 (src):    postgresql94-9.4.12-9.6.1, postgresql94-libs-9.4.12-9.6.1
Comment 12 Swamp Workflow Management 2017-07-05 19:10:05 UTC
SUSE-SU-2017:1783-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1029547,1037603,1037624,1038293
CVE References: CVE-2017-7484,CVE-2017-7485,CVE-2017-7486
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    postgresql94-libs-9.4.12-0.22.3
SUSE Linux Enterprise Server 11-SP4 (src):    postgresql94-9.4.12-0.22.3, postgresql94-libs-9.4.12-0.22.3
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    postgresql94-9.4.12-0.22.3, postgresql94-libs-9.4.12-0.22.3
Comment 13 Marcus Meissner 2017-08-07 16:15:12 UTC
released
Comment 14 Bernhard Wiedemann 2017-08-11 14:04:52 UTC
This is an autogenerated message for OBS integration:
This bug (1037624) was mentioned in
https://build.opensuse.org/request/show/516114 Factory / postgresql93