Debian: DSA-1964-1 Urgent Security Alert: PostgreSQL Remote Vulnerability
debian
December 31, 2009
Several vulnerabilities have been discovered in PostgreSQL, a database server
Summary
Several vulnerabilities have been discovered in PostgreSQL, a database
server. The Common Vulnerabilities and Exposures project identifies
the following problems:
It was discovered that PostgreSQL did not properly verify the Common
Name attribute in X.509 certificates, enabling attackers to bypass the
(optional) TLS protection on client-server connections, by relying on
a certificate from a trusted CA which contains an embedded NUL byte in
the Common Name (CVE-2009-4034).
Authenticated database users could elevate their privileges by
creating specially-crafted index functions (CVE-2009-4136).
The following table shows fixed source package versions for the
respective distributions.
oldstable/etch stable/lenny testing/unstable
postgresql-7.4 7.4.27-0etch1
postgresql-8.1 8.1.19-0etch1
postgresql-8.3 8.3.9-0lenny1 8.3.9-1
postgresql-8.4 8.4.2-1
In addition to these security fixes, the updates contain reliability
imp...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: postgresql-7.4, postgresql-8.1, postgresql-8.3
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!