| Description: | PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords. (CVE-2017-7546)
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Ben de Graaff, Jelte Fennema, and Jeroen van der Ham as the original reporters.
|