Launchpad.net

CVE 2017-7484

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.

Related bugs and status

CVE-2017-7484 (Candidate) is related to these bugs:

Bug #1690730: New upstream microreleases 9.3.17, 9.5.7 and 9.6.3

		In	Importance	Status
1690730	New upstream microreleases 9.3.17, 9.5.7 and 9.6.3	postgresql-9.5 (Ubuntu)	High	Fix Released
1690730	New upstream microreleases 9.3.17, 9.5.7 and 9.6.3	postgresql-9.5 (Ubuntu Yakkety)	High	Fix Released
1690730	New upstream microreleases 9.3.17, 9.5.7 and 9.6.3	postgresql-9.5 (Ubuntu Xenial)	High	Fix Released
1690730	New upstream microreleases 9.3.17, 9.5.7 and 9.6.3	postgresql-9.6 (Ubuntu)	High	Fix Released
1690730	New upstream microreleases 9.3.17, 9.5.7 and 9.6.3	postgresql-9.6 (Ubuntu Zesty)	High	Fix Released
1690730	New upstream microreleases 9.3.17, 9.5.7 and 9.6.3	postgresql-9.3 (Ubuntu)	High	Fix Released
1690730	New upstream microreleases 9.3.17, 9.5.7 and 9.6.3	postgresql-9.3 (Ubuntu Trusty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.postgresql...
BID: 98459
SECTRACK: 1038476
GENTOO: GLSA-201710-06
DEBIAN: DSA-3851
REDHAT: RHSA-2017:1677
REDHAT: RHSA-2017:1678
REDHAT: RHSA-2017:1838
REDHAT: RHSA-2017:1983
REDHAT: RHSA-2017:2425