Mandriva Linux Security Advisory : postgresql (MDVSA-2012:026)
Medium Nessus Plugin ID 58177
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities has been discovered and corrected in postgresql :
Permissions on a function called by a trigger are not properly checked (CVE-2012-0866).
SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third-party certificate authorities (CVE-2012-0867).
Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pg_dump file (CVE-2012-0868).
This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.
SolutionUpdate the affected packages.