Debian DSA-2491-1 : postgresql-8.4 - several vulnerabilities
Medium Nessus Plugin ID 59769
The remote Debian host is missing a security-related update.
Two vulnerabilities were discovered in PostgreSQL, a SQL database server:

- CVE-2012-2143: The crypt(text, text) function in the pgcrypto contrib module did not handle certain passwords correctly when producing traditional DES-based hashes. Characters after the first 0x80 byte were ignored.
- CVE-2012-2655: SECURITY DEFINER and SET attributes for a call handler of a procedural language could crash the database server.

In addition, this update contains reliability and stability fixes from the 8.4.12 upstream release.
Upgrade the postgresql-8.4 packages. For the stable distribution (squeeze), this problem has been fixed in version 8.4.12-0squeeze1.
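For CVE-2012-2143, the following added example (not part of the advisory or of PostgreSQL) models the truncation as described above, so that an application that sees the plaintext at login can flag traditional DES hashes worth regenerating after the upgrade. The function names, the sample rows and the 13-character format test are assumptions of this example; it also relies on traditional DES crypt reading only the first 8 password bytes.

```python
import re

# Traditional DES crypt output: 2 salt characters followed by 11 hash
# characters from the crypt alphabet, with no "$" or "_" prefix.
TRADITIONAL_DES = re.compile(r"[./0-9A-Za-z]{13}")
DES_KEY_BYTES = 8  # traditional DES crypt reads only the first 8 password bytes


def is_traditional_des_hash(stored: str) -> bool:
    """True if a stored hash has the traditional DES crypt format."""
    return TRADITIONAL_DES.fullmatch(stored) is not None


def effective_key_unpatched(password: str, encoding: str = "utf-8") -> bytes:
    """Password bytes an unpatched crypt() took into account, following the
    advisory's wording: bytes after the first 0x80 byte are ignored."""
    raw = password.encode(encoding)[:DES_KEY_BYTES]
    cut = raw.find(b"\x80")
    return raw if cut < 0 else raw[:cut + 1]


def hash_was_truncated(password: str, stored: str, encoding: str = "utf-8") -> bool:
    """True if `stored` is a traditional DES hash and bytes of this password
    were ignored on an unpatched server (candidate for regeneration)."""
    full = password.encode(encoding)[:DES_KEY_BYTES]
    return (is_traditional_des_hash(stored)
            and effective_key_unpatched(password, encoding) != full)


def accounts_to_review(rows):
    """From (user, stored_hash) pairs, list users whose hash is in the
    traditional DES format and may therefore be affected."""
    return [user for user, stored in rows if is_traditional_des_hash(stored)]


# Constructed sample rows; the hash strings are format placeholders only.
SAMPLE_ROWS = [
    ("alice", "abXXXXXXXXXXX"),                    # traditional DES format
    ("bob", "$1$saltsalt$XXXXXXXXXXXXXXXXXXXXXX"),  # MD5 crypt format
    ("carol", "$2a$06$" + "X" * 53),               # Blowfish crypt format
]

if __name__ == "__main__":
    print(accounts_to_review(SAMPLE_ROWS))
    # "À" is C3 80 in UTF-8, so the 0x80 byte falls inside the first 8 bytes.
    print(effective_key_unpatched("p\u00c0ssword1"))
    print(hash_was_truncated("p\u00c0ssword1", "abXXXXXXXXXXX"))
```

The encoding argument should match the database's client encoding, since whether a character produces a 0x80 byte depends on it.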