Synopsis:          Moderate: postgresql security update
Advisory ID:       SLSA-2017:2860-1
Issue Date:        2017-10-05
CVE Numbers:       CVE-2017-7546
--

Security Fix(es):

* It was found that authenticating to a PostgreSQL database account with
an empty password was possible despite libpq's refusal to send an empty
password. A remote attacker could potentially use this flaw to gain access
to database accounts with empty passwords. (CVE-2017-7546)
--

SL6
  x86_64
    postgresql-debuginfo-8.4.20-8.el6_9.i686.rpm
    postgresql-debuginfo-8.4.20-8.el6_9.x86_64.rpm
    postgresql-libs-8.4.20-8.el6_9.i686.rpm
    postgresql-libs-8.4.20-8.el6_9.x86_64.rpm
    postgresql-8.4.20-8.el6_9.i686.rpm
    postgresql-8.4.20-8.el6_9.x86_64.rpm
    postgresql-contrib-8.4.20-8.el6_9.x86_64.rpm
    postgresql-devel-8.4.20-8.el6_9.i686.rpm
    postgresql-devel-8.4.20-8.el6_9.x86_64.rpm
    postgresql-docs-8.4.20-8.el6_9.x86_64.rpm
    postgresql-plperl-8.4.20-8.el6_9.x86_64.rpm
    postgresql-plpython-8.4.20-8.el6_9.x86_64.rpm
    postgresql-pltcl-8.4.20-8.el6_9.x86_64.rpm
    postgresql-server-8.4.20-8.el6_9.x86_64.rpm
    postgresql-test-8.4.20-8.el6_9.x86_64.rpm
  i386
    postgresql-debuginfo-8.4.20-8.el6_9.i686.rpm
    postgresql-libs-8.4.20-8.el6_9.i686.rpm
    postgresql-8.4.20-8.el6_9.i686.rpm
    postgresql-contrib-8.4.20-8.el6_9.i686.rpm
    postgresql-devel-8.4.20-8.el6_9.i686.rpm
    postgresql-docs-8.4.20-8.el6_9.i686.rpm
    postgresql-plperl-8.4.20-8.el6_9.i686.rpm
    postgresql-plpython-8.4.20-8.el6_9.i686.rpm
    postgresql-pltcl-8.4.20-8.el6_9.i686.rpm
    postgresql-server-8.4.20-8.el6_9.i686.rpm
    postgresql-test-8.4.20-8.el6_9.i686.rpm

- Scientific Linux Development Team