PostgreSQL < 8.3.19 / 8.4.12 / 9.0.8 / 9.1.4 Multiple Vulnerabilities

Medium

Synopsis

The remote database server is affected by multiple vulnerabilities.

Description

Versions of PostgreSQL earlier than 8.3.19 / 8.4.12 / 9.0.8 / 9.1.4 are potentially affected by the following vulnerabilities:

- Passwords containing the byte 0x80 passed to the crypt() function in pgcrypto are incorrectly truncated if DES encryption was used. (CVE-2012-2143)

- SECURITY_DEFINER and SET attributes on procedural call handlers are not ignored and can be used to crash the server. (CVE-2012-2655)

Solution

Upgrade to PostgreSQL 8.3.19 / 8.4.12 / 9.0.8 / 9.1.4 or later.
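To check a server against the fixed releases listed above, the following added example (not part of the original advisory or of any scanner's code) classifies the string returned by `SELECT version()` or `SHOW server_version`. The function names `parse_version` and `assess` and the status labels are assumptions made for illustration, and the sample strings are constructed.

```python
import re

# Fixed minor release per affected branch, as listed in the advisory above.
FIXED = {(8, 3): 19, (8, 4): 12, (9, 0): 8, (9, 1): 4}

# Matches "PostgreSQL 9.1.3 on ..." (SELECT version()) or a bare "9.1.3" (SHOW server_version).
_VERSION_RE = re.compile(r"(?:PostgreSQL\s+)?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(banner):
    """Return (major, minor, patch); patch is 0 when the string has none (e.g. 9.2beta1)."""
    m = _VERSION_RE.search(banner)
    if m is None:
        raise ValueError("no PostgreSQL version found in %r" % banner)
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def assess(banner):
    """Classify a reported version against the advisory's fixed releases (hypothetical helper)."""
    major, minor, patch = parse_version(banner)
    branch = (major, minor)
    if branch in FIXED:
        target = "%d.%d.%d" % (major, minor, FIXED[branch])
        if patch < FIXED[branch]:
            return "potentially-affected", "upgrade to %s or later" % target
        return "fixed", "at or above %s" % target
    if branch < min(FIXED):
        # Older than 8.3: earlier than every fixed release the advisory names.
        return "potentially-affected", "branch has no fixed release listed in the advisory"
    # Branches outside the advisory's list (e.g. newer than 9.1) are not assessed here.
    return "not-listed", "branch is not covered by this advisory"


if __name__ == "__main__":
    # Constructed sample strings, not output captured from real servers.
    samples = [
        "PostgreSQL 9.1.3 on x86_64-unknown-linux-gnu, compiled by gcc",
        "9.0.8",
        "8.4.11",
        "8.2.23",
    ]
    for s in samples:
        print(s, "->", assess(s))
```

A version string does not reveal fixes backported by a distribution's packages, so a "potentially-affected" result should be confirmed against the installed package level.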