SynopsisThe remote database server is vulnerable to multiple vulnerabilities
DescriptionVersions of PostgreSQL earlier than 9.1.9 or 9.2.4 and are potentially affected by the following vulnerabilities :
- A denial of service when parsing server command-line switches. (CVE-2013-1899)
- An information disclosure due to an error in the 'contrib\pgcrypto' functions. (CVE-2013-1900)
- Is is prone to a security-bypass, the server component fails to properly handle REPLICATION privilege checks for the current user. (CVE-2013-1901)
- An insecure temporary file-creation, specifically occurs when a file with a predictable filename in the '/tmp' directory is created. (CVE-2013-1902)
- A password disclosure vulnerability occurs due to the application passing the database superuser passwords to a script, specifically exists in the graphical installers package. (CVE-2013-1093)
SolutionUpgrade to PostgreSQL 9.1.9 / 9.2.4 or later.