Oracle Linux: CVE-2017-7486: ELSA-2017-1983: postgresql security and enhancement update (MODERATE) (Multiple Advisories)
Description
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server. It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database.
Solution(s)
- oracle-linux-upgrade-postgresql
- oracle-linux-upgrade-postgresql-contrib
- oracle-linux-upgrade-postgresql-devel
- oracle-linux-upgrade-postgresql-docs
- oracle-linux-upgrade-postgresql-libs
- oracle-linux-upgrade-postgresql-plperl
- oracle-linux-upgrade-postgresql-plpython
- oracle-linux-upgrade-postgresql-pltcl
- oracle-linux-upgrade-postgresql-server
- oracle-linux-upgrade-postgresql-static
- oracle-linux-upgrade-postgresql-test
- oracle-linux-upgrade-postgresql-upgrade
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center