Users with no privilege on a large object can overwrite the entire content of the object. Supported vulnerable versions: 9.4 - 9.6 Upstream patch: https://github.com/postgres/postgres/commit/f1cda6d6cbb2 Bug introduced in: https://github.com/postgres/postgres/commit/c50b7c09d852b6d The first affected upstream version is 9.4.
Acknowledgments: Name: the PostgreSQL project Upstream: Chapman Flack
External References: https://www.postgresql.org/about/news/1772/
Created mingw-postgresql tracking bugs for this issue: Affects: fedora-all [bug 1480283] Created postgresql tracking bugs for this issue: Affects: fedora-all [bug 1480284]
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Via RHSA-2017:2677 https://access.redhat.com/errata/RHSA-2017:2677
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Via RHSA-2017:2678 https://access.redhat.com/errata/RHSA-2017:2678