CVE-2017-7485

Priority
Description
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7,
and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment
variable was no longer enforcing an SSL/TLS connection to a PostgreSQL
server. An active man-in-the-middle attacker could use this flaw to strip
the SSL/TLS protection from a connection between a client and a server.
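Added example, not part of this tracker page or of PostgreSQL's own code: a client-side audit that flags a host relying on PGREQUIRESSL while its libpq version falls in the affected ranges listed above. It assumes libpq's documented PGSSLMODE variable as the replacement setting; the function names, result labels and sample inputs are hypothetical.

```python
import re

# First fixed patch level for each affected branch, from the description above.
FIXED = {(9, 3): 17, (9, 4): 12, (9, 5): 7, (9, 6): 3}

# PGSSLMODE values with which libpq refuses a non-TLS connection.
ENFORCING = {"require", "verify-ca", "verify-full"}


def libpq_is_affected(version):
    """True if a version such as '9.3.16' or '9.5.7-0ubuntu0.16.04' is affected.

    Branches not named in the description are reported as unaffected.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    fixed = FIXED.get((int(m[1]), int(m[2])))
    if fixed is None:
        return False
    if m[3] is None:
        raise ValueError(f"patch level needed for branch: {version!r}")
    return int(m[3]) < fixed


def audit_client(version, env):
    """Classify how a client environment asks libpq for TLS.

    Returns 'enforced', 'not-enforced', 'at-risk' or 'legacy'.
    """
    sslmode = env.get("PGSSLMODE")
    if sslmode in ENFORCING:
        return "enforced"
    # Per the libpq documentation, a set PGSSLMODE suppresses PGREQUIRESSL,
    # so a weaker mode such as 'prefer' means TLS is not required at all.
    if sslmode or env.get("PGREQUIRESSL") != "1":
        return "not-enforced"
    # Only PGREQUIRESSL=1 is set: it is ignored on affected versions.
    return "at-risk" if libpq_is_affected(version) else "legacy"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real host.
    for ver, env in [("9.4.11", {"PGREQUIRESSL": "1"}),
                     ("9.4.12", {"PGREQUIRESSL": "1"}),
                     ("9.4.11", {"PGSSLMODE": "verify-full"})]:
        print(ver, env, "->", audit_client(ver, env))
```

A result of 'legacy' means the deprecated variable is honoured on that version; setting PGSSLMODE explicitly removes the dependency on it.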
Notes
Package
Upstream: not-affected
Ubuntu 12.04 ESM (Precise Pangolin): not-affected
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Package
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): released (9.3.17-0ubuntu0.14.04)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Package
Upstream: released (9.5.7)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (9.5.7-0ubuntu0.16.04)
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Package
Upstream: released (9.6.3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (9.6.4-1)
Patches:
Upstream: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=aafbd1df969135c185947c596c46608fc9f4a67c
More Information

Updated: 2020-01-29 19:59:48 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)