rh-postgresql94-postgresql-9.4.12-1.AXS4

PostgreSQL is an advanced Object-Relational database management system (DBMS).
The base postgresql package contains the client programs that you'll need to
access a PostgreSQL DBMS server, as well as HTML documentation for the whole
system. These client programs can be located on the same machine as the
PostgreSQL server, or on a remote machine that accesses a PostgreSQL server
over a network connection. The PostgreSQL server can be found in the
postgresql-server sub-package.

Security issues fixed with this release

CVE-2017-7484
It was found that some selectivity estimation functions in PostgreSQL
before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before
9.5.7, and 9.6.x before 9.6.3 did not check user privileges before
providing information from pg_statistic, possibly leaking information.
An unprivileged attacker could use this flaw to steal some information
from tables they are otherwise not allowed to access.
CVE-2017-7485
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before
9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL
environment variable was no longer enforcing a SSL/TLS connection to a
PostgreSQL server. An active Man-in-the-Middle attacker could use this
flaw to strip the SSL/TLS protection from a connection between a
client and a server.
CVE-2017-7486
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in
pg_user_mappings view which discloses foreign server passwords to any
user having USAGE privilege on the associated foreign server.

The following packages have been upgraded to a later upstream version: rh-postgresql94-postgresql (9.4.12).