Candidate: CVE-2017-7484
PublicDate: 2017-05-12 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7484
 https://www.postgresql.org/about/news/1746/
Description:
 It was found that some selectivity estimation functions in PostgreSQL
 before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7,
 and 9.6.x before 9.6.3 did not check user privileges before providing
 information from pg_statistic, possibly leaking information. An unprivileged
 attacker could use this flaw to steal some information from tables they are
 otherwise not allowed to access.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by: Robert Haas
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_postgresql-10:
upstream_postgresql-10: needs-triage
precise/esm_postgresql-10: DNE
trusty_postgresql-10: DNE
trusty/esm_postgresql-10: DNE
xenial_postgresql-10: DNE
zesty_postgresql-10: DNE
artful_postgresql-10: DNE
bionic_postgresql-10: not-affected (10.1-1)
cosmic_postgresql-10: not-affected (10.1-1)
disco_postgresql-10: DNE
devel_postgresql-10: DNE

Patches_postgresql-9.6:
 upstream: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=c33c42362256382ed398df9dcda559cd547c68a7
 upstream: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cad15943225adbcadea51602b38b04d71d1183d2
 upstream: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=935e77d527a018b652f247c7374c558871210db6
upstream_postgresql-9.6: released (9.6.3)
precise/esm_postgresql-9.6: DNE
trusty_postgresql-9.6: DNE
trusty/esm_postgresql-9.6: DNE
vivid/ubuntu-core_postgresql-9.6: DNE
vivid/stable-phone-overlay_postgresql-9.6: DNE
xenial_postgresql-9.6: DNE
yakkety_postgresql-9.6: DNE
zesty_postgresql-9.6: released (9.6.3-0ubuntu0.17.04)
artful_postgresql-9.6: not-affected (9.6.4-1)
bionic_postgresql-9.6: DNE
cosmic_postgresql-9.6: DNE
disco_postgresql-9.6: DNE
devel_postgresql-9.6: DNE

Patches_postgresql-9.5:
upstream_postgresql-9.5: released (9.5.7)
precise/esm_postgresql-9.5: DNE
trusty_postgresql-9.5: DNE
trusty/esm_postgresql-9.5: DNE
vivid/ubuntu-core_postgresql-9.5: DNE
vivid/stable-phone-overlay_postgresql-9.5: DNE
xenial_postgresql-9.5: released (9.5.7-0ubuntu0.16.04)
esm-infra/xenial_postgresql-9.5: released (9.5.7-0ubuntu0.16.04)
yakkety_postgresql-9.5: ignored (reached end-of-life)
zesty_postgresql-9.5: DNE
artful_postgresql-9.5: DNE
bionic_postgresql-9.5: DNE
cosmic_postgresql-9.5: DNE
disco_postgresql-9.5: DNE
devel_postgresql-9.5: DNE

Patches_postgresql-9.3:
upstream_postgresql-9.3: needed
precise/esm_postgresql-9.3: DNE
trusty_postgresql-9.3: released (9.3.17-0ubuntu0.14.04)
trusty/esm_postgresql-9.3: released (9.3.17-0ubuntu0.14.04)
vivid/ubuntu-core_postgresql-9.3: DNE
vivid/stable-phone-overlay_postgresql-9.3: DNE
xenial_postgresql-9.3: DNE
yakkety_postgresql-9.3: DNE
zesty_postgresql-9.3: DNE
artful_postgresql-9.3: DNE
bionic_postgresql-9.3: DNE
cosmic_postgresql-9.3: DNE
disco_postgresql-9.3: DNE
devel_postgresql-9.3: DNE

Patches_postgresql-9.1:
upstream_postgresql-9.1: needed
precise/esm_postgresql-9.1: ignored
trusty_postgresql-9.1: ignored (reached end-of-life)
trusty/esm_postgresql-9.1: DNE (trusty was needed)
vivid/ubuntu-core_postgresql-9.1: DNE
vivid/stable-phone-overlay_postgresql-9.1: DNE
xenial_postgresql-9.1: DNE
yakkety_postgresql-9.1: DNE
zesty_postgresql-9.1: DNE
artful_postgresql-9.1: DNE
bionic_postgresql-9.1: DNE
cosmic_postgresql-9.1: DNE
disco_postgresql-9.1: DNE
devel_postgresql-9.1: DNE