
Debian: DSA-1900-1 Critical: PostgreSQL Security Advisory

debian
October 2, 2009
This update fixes several PostgreSQL vulnerabilities, including a backend shutdown by authenticated users, escalation to database superuser privileges, and LDAP authentication with an empty password.

Summary

Several vulnerabilities have been discovered in PostgreSQL, an SQL
database system. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2009-3229

Authenticated users can shut down the backend server by re-LOAD-ing
libraries in $libdir/plugins, if any libraries are present there.
(The old stable distribution (etch) is not affected by this issue.)

CVE-2009-3230

Authenticated non-superusers can gain database superuser privileges if
they can create functions and tables due to incorrect execution of
functions in functional indexes.

CVE-2009-3231

If PostgreSQL is configured with LDAP authentication, and the LDAP
configuration allows anonymous binds, it is possible for a user to
authenticate themselves with an empty password. (The old stable
distribution (etch) is not affected by this issue.)
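
An added example, not part of the Debian advisory: a small Python audit that lists the pg_hba.conf rules using the ldap method, which are the rules CVE-2009-3231 applies to when the directory server allows anonymous binds. The sample configuration, host names and function names are constructed for this example.

```python
import re

# Auth methods accepted in pg_hba.conf by the 7.4-8.4 releases this advisory covers.
METHODS = {"trust", "reject", "md5", "crypt", "password", "gss", "sspi",
           "krb5", "ident", "pam", "ldap", "cert"}
# A field is a run of quoted segments and bare characters; '#' starts a comment.
FIELD = re.compile(r'(?:"[^"]*"|[^\s"#])+|#.*')

def split_fields(line):
    """Split one pg_hba.conf line into fields, dropping quotes and comments."""
    fields = []
    for f in FIELD.findall(line):
        if f.startswith("#"):
            break
        fields.append(f.replace('"', ""))
    return fields

def ldap_rules(hba_text):
    """Return (line_no, type, database, user, address, options) per ldap rule."""
    rules = []
    for line_no, line in enumerate(hba_text.splitlines(), 1):
        f = split_fields(line)
        if len(f) < 4:
            continue
        if f[0] == "local":
            address, m = "", 3
        else:
            # host* records carry a CIDR address, or an address plus a netmask.
            m = 4 if len(f) > 4 and f[4] in METHODS else 5
            address = " ".join(f[3:m])
        if len(f) > m and f[m] == "ldap":
            rules.append((line_no, f[0], f[1], f[2], address, f[m + 1:]))
    return rules

# Constructed sample configuration (not taken from the advisory).
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS  METHOD
local   all  postgres  ident
host    all  all  127.0.0.1/32  md5
host    app  all  10.0.0.0/8  ldap ldapserver=ldap.example.net ldapprefix="cn=" ldapsuffix=", dc=example, dc=net"
host    all  all  192.168.1.0 255.255.255.0  ldap "ldap://ldap.example.net/dc=example,dc=net;cn="  # 8.3-style URL
#host   all  all  0.0.0.0/0  ldap ldapserver=old.example.net
"""

if __name__ == "__main__":
    for rule in ldap_rules(SAMPLE):
        print("line %d: %s db=%s user=%s addr=%s opts=%s" % rule)
```

Each rule it reports is one to check against the LDAP server's anonymous-bind setting until the fixed packages are installed.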

In addition, this update contains reliability improvements which do
not target security issues.

For the old stable distribution (etch), these problems have been fixed
in version 7.4...


Severity: critical

Package: postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4
