Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2017-7546: It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq’s refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords.
QID Detection Logic (Authenticated):
This QID checks whether the installed version of any of the following packages is less than 8.4.20-8.53.al12: postgresql8-debuginfo, postgresql8-plpython, postgresql8, postgresql8-devel, postgresql8-contrib, postgresql8-server, postgresql8-test, postgresql8-docs, postgresql8-libs, postgresql8-plperl, postgresql8-pltcl
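The version check described above, as an added example (not the scanner's own logic): it compares installed package versions against the fixed version using rpm-style segment comparison, so that 8.4.9 sorts below 8.4.20. The function names and the sample package lines are constructed for illustration, and the comparison assumes no epoch and no caret segments.

```python
import re

# Fixed version-release and package list, both taken from the advisory text.
FIXED = "8.4.20-8.53.al12"
PACKAGES = {"postgresql8", "postgresql8-debuginfo", "postgresql8-plpython",
            "postgresql8-devel", "postgresql8-contrib", "postgresql8-server",
            "postgresql8-test", "postgresql8-docs", "postgresql8-libs",
            "postgresql8-plperl", "postgresql8-pltcl"}

def rpmvercmp(a, b):
    """Return -1, 0 or 1 for one version (or release) string, rpm-style:
    split into runs of digits or letters; digit runs compare numerically."""
    ta, tb = (re.findall(r"[0-9]+|[A-Za-z]+|~", s) for s in (a, b))
    for x, y in zip(ta, tb):
        if x == y:
            continue
        if "~" in (x, y):                    # a tilde sorts before anything else
            return -1 if x == "~" else 1
        if x.isdigit() != y.isdigit():       # a numeric segment beats letters
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)            # so "01" equals "1" and 9 < 20
        if x != y:
            return -1 if x < y else 1
    if len(ta) == len(tb):
        return 0
    longer = ta if len(ta) > len(tb) else tb
    # An extra trailing segment means newer, unless that segment is "~".
    sign = -1 if longer[min(len(ta), len(tb))] == "~" else 1
    return sign if longer is ta else -sign

def evr_cmp(a, b):
    """Compare VERSION-RELEASE strings; epoch is assumed absent on both sides."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def vulnerable(rpm_lines):
    """Names of advisory packages installed at a version-release below FIXED."""
    rows = (line.split() for line in rpm_lines)
    return [n for n, evr in rows if n in PACKAGES and evr_cmp(evr, FIXED) < 0]

# Constructed sample, in the shape printed by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = ["postgresql8 8.4.20-7.52.al12", "postgresql8-libs 8.4.20-8.53.al12",
          "postgresql8-server 8.4.9-1.40.al12", "openssl 1.0.2k-8.al12"]

if __name__ == "__main__":
    print(vulnerable(SAMPLE))
```
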
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Administrators are advised to apply the appropriate software updates.
Following are links for downloading patches to fix the vulnerabilities: