CVE-2017-7486

Priority
Description
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in
pg_user_mappings view which discloses foreign server passwords to any user
having USAGE privilege on the associated foreign server.
Notes
Package
Upstream:not-affected
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (9.3.17-0ubuntu0.14.04)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (9.5.7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (9.5.7-0ubuntu0.16.04)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (9.6.3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (9.6.4-1)
Patches:
Upstream:https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=c928addfccd7f9905472dddd94e9cd10bc3f6808
More Information

Updated: 2020-09-10 05:41:21 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)