Name | CVE-2017-7548 |
Description | PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DSA-3935-1, DSA-3936-1 |
Vulnerable and fixed packages
The table below lists information on source packages.
The information below is based on the following data on fixed versions.
Notes
[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
[wheezy] - postgresql-9.1 <not-affected> (Vulnerable code not present)
[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
https://www.postgresql.org/about/news/1772/