Your submission was sent successfully! Close

CVE-2017-7486

Published: 12 May 2017

PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
postgresql-9.1
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)
postgresql-9.3
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr)
Released (9.3.17-0ubuntu0.14.04)
postgresql-9.5
Launchpad, Ubuntu, Debian
Upstream
Released (9.5.7)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (9.5.7-0ubuntu0.16.04)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

postgresql-9.6
Launchpad, Ubuntu, Debian
Upstream
Released (9.6.3)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=c928addfccd7f9905472dddd94e9cd10bc3f6808