Debian Security Advisory DSA 3851-1 (postgresql-9.4 - security update)

Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7484 Robert Haas discovered that some selectivity estimators did not validate user privileges which could result in information disclosure. CVE-2017-7485 Daniel Gustafsson discovered that the PGREQUIRESSL environment variable did no longer enforce a TLS connection. CVE-2017-7486 Andrew Wheelwright discovered that user mappings were insufficiently restricted.

postgresql-9.4 on Debian Linux

This check tests the installed software version using the apt package manager.

For the stable distribution (jessie), these problems have been fixed in version 9.4.12-0+deb8u1. We recommend that you upgrade your postgresql-9.4 packages.