← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

Candidate: CVE-2017-7484
PublicDate: 2017-05-12
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7484
 https://www.postgresql.org/about/news/1746/
Description:
 It was found that some selectivity estimation functions in PostgreSQL
 before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before
 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before
 providing information from pg_statistic, possibly leaking information. An
 unprivileged attacker could use this flaw to steal some information from
 tables they are otherwise not allowed to access.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by: Robert Haas
Assigned-to:

Patches_postgresql-9.6:
 upstream: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=c33c42362256382ed398df9dcda559cd547c68a7
 upstream: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cad15943225adbcadea51602b38b04d71d1183d2
 upstream: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=935e77d527a018b652f247c7374c558871210db6
upstream_postgresql-9.6: released (9.6.3)
precise/esm_postgresql-9.6: DNE
trusty_postgresql-9.6: DNE
vivid/ubuntu-core_postgresql-9.6: DNE
vivid/stable-phone-overlay_postgresql-9.6: DNE
xenial_postgresql-9.6: DNE
yakkety_postgresql-9.6: DNE
zesty_postgresql-9.6: released (9.6.3-0ubuntu0.17.04)
devel_postgresql-9.6: not-affected (9.6.4-1)

Patches_postgresql-9.5:
upstream_postgresql-9.5: released (9.5.7)
precise/esm_postgresql-9.5: DNE
trusty_postgresql-9.5: DNE
vivid/ubuntu-core_postgresql-9.5: DNE
vivid/stable-phone-overlay_postgresql-9.5: DNE
xenial_postgresql-9.5: released (9.5.7-0ubuntu0.16.04)
yakkety_postgresql-9.5: ignored (reached end-of-life)
zesty_postgresql-9.5: DNE
devel_postgresql-9.5: DNE

Patches_postgresql-9.3:
upstream_postgresql-9.3: needed
precise/esm_postgresql-9.3: DNE
trusty_postgresql-9.3: needed
vivid/ubuntu-core_postgresql-9.3: DNE
vivid/stable-phone-overlay_postgresql-9.3: DNE
xenial_postgresql-9.3: DNE
yakkety_postgresql-9.3: DNE
zesty_postgresql-9.3: DNE
devel_postgresql-9.3: DNE

Patches_postgresql-9.1:
upstream_postgresql-9.1: needed
precise/esm_postgresql-9.1: needed
trusty_postgresql-9.1: needed
vivid/ubuntu-core_postgresql-9.1: DNE
vivid/stable-phone-overlay_postgresql-9.1: DNE
xenial_postgresql-9.1: DNE
yakkety_postgresql-9.1: DNE
zesty_postgresql-9.1: DNE
devel_postgresql-9.1: DNE