Candidate: CVE-2017-7486
PublicDate: 2017-05-12 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7486
 https://www.postgresql.org/about/news/1746/
Description:
 PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by: Andrew Wheelwright
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_postgresql-9.6:
 upstream: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=c928addfccd7f9905472dddd94e9cd10bc3f6808
upstream_postgresql-9.6: released (9.6.3)
precise/esm_postgresql-9.6: DNE
trusty_postgresql-9.6: DNE
trusty/esm_postgresql-9.6: DNE
vivid/ubuntu-core_postgresql-9.6: DNE
vivid/stable-phone-overlay_postgresql-9.6: DNE
xenial_postgresql-9.6: DNE
yakkety_postgresql-9.6: DNE
zesty_postgresql-9.6: released (9.6.3-0ubuntu0.17.04)
artful_postgresql-9.6: not-affected (9.6.4-1)
devel_postgresql-9.6: not-affected (9.6.4-1)

Patches_postgresql-9.5:
upstream_postgresql-9.5: released (9.5.7)
precise/esm_postgresql-9.5: DNE
trusty_postgresql-9.5: DNE
trusty/esm_postgresql-9.5: DNE
vivid/ubuntu-core_postgresql-9.5: DNE
vivid/stable-phone-overlay_postgresql-9.5: DNE
xenial_postgresql-9.5: released (9.5.7-0ubuntu0.16.04)
esm-infra/xenial_postgresql-9.5: released (9.5.7-0ubuntu0.16.04)
yakkety_postgresql-9.5: ignored (reached end-of-life)
zesty_postgresql-9.5: DNE
artful_postgresql-9.5: DNE
devel_postgresql-9.5: DNE

Patches_postgresql-9.3:
upstream_postgresql-9.3: needed
precise/esm_postgresql-9.3: DNE
trusty_postgresql-9.3: released (9.3.17-0ubuntu0.14.04)
trusty/esm_postgresql-9.3: released (9.3.17-0ubuntu0.14.04)
vivid/ubuntu-core_postgresql-9.3: DNE
vivid/stable-phone-overlay_postgresql-9.3: DNE
xenial_postgresql-9.3: DNE
yakkety_postgresql-9.3: DNE
zesty_postgresql-9.3: DNE
artful_postgresql-9.3: DNE
devel_postgresql-9.3: DNE

Patches_postgresql-9.1:
upstream_postgresql-9.1: not-affected
precise/esm_postgresql-9.1: not-affected
trusty_postgresql-9.1: not-affected
trusty/esm_postgresql-9.1: DNE (trusty was not-affected)
vivid/ubuntu-core_postgresql-9.1: DNE
vivid/stable-phone-overlay_postgresql-9.1: DNE
xenial_postgresql-9.1: DNE
yakkety_postgresql-9.1: DNE
zesty_postgresql-9.1: DNE
artful_postgresql-9.1: DNE
devel_postgresql-9.1: DNE