* New upstream release (LP: #1690730)
- Restrict visibility of pg_user_mappings.umoptions, to protect passwords
stored as user mapping options (CVE-2017-7486)
- Prevent exposure of statistical information via leaky operators
(CVE-2017-7484)
- Restore libpq's recognition of the PGREQUIRESSL environment variable
(CVE-2017-7485)
- A dump/restore is not required for those running 9.5.X.
- However, if you use foreign data servers that make use of user passwords
for authentication, see the first changelog entry.
- Also, if you are using third-party replication tools that depend on
"logical decoding", see the fourth changelog entry.
This bug was fixed in the package postgresql-9.5 - 9.5.7-0ubuntu0. 16.04
--------------- 0ubuntu0. 16.04) xenial; urgency=medium
postgresql-9.5 (9.5.7-
* New upstream release (LP: #1690730) mappings. umoptions, to protect passwords CVE-2017- 7484) CVE-2017- 7485)
- Restrict visibility of pg_user_
stored as user mapping options (CVE-2017-7486)
- Prevent exposure of statistical information via leaky operators
(
- Restore libpq's recognition of the PGREQUIRESSL environment variable
(
- A dump/restore is not required for those running 9.5.X.
- However, if you use foreign data servers that make use of user passwords
for authentication, see the first changelog entry.
- Also, if you are using third-party replication tools that depend on
"logical decoding", see the fourth changelog entry.
- Details about other changes at full changelog: /www.postgresql .org/docs/ 9.5/static/ release- 9-5-7.html
https:/
-- Christian Ehrhardt <email address hidden> Mon, 15 May 2017 08:46:07 +0200