
PostgreSQL < 8.3.19 / 8.4.12 / 9.0.8 / 9.1.4 Multiple Vulnerabilities

Medium

Synopsis

The remote database server is affected by multiple vulnerabilities.

Description

Versions of PostgreSQL earlier than 8.3.19 / 8.4.12 / 9.0.8 / 9.1.4 are potentially affected by the following vulnerabilities:

- Passwords containing the byte 0x80 that are passed to the crypt() function in pgcrypto are incorrectly truncated when DES encryption is used. (CVE-2012-2143)

- SECURITY_DEFINER and SET attributes on procedural call handlers are not ignored and can be used to crash the server. (CVE-2012-2655)

Solution

Upgrade to PostgreSQL 8.3.19 / 8.4.12 / 9.0.8 / 9.1.4 or later.
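
As an added example (not part of the original advisory or of any scanner's code), the following shows the branch-aware comparison behind the version thresholds above, plus a format check for stored pgcrypto crypt() values that used DES, the only algorithm the CVE-2012-2143 item concerns. The function names and sample inputs are constructed for illustration, and treating branches the advisory does not list as undetermined is an assumption.

```python
import re

# Fixed release per branch, taken from the advisory title.
FIXED = {(8, 3): 19, (8, 4): 12, (9, 0): 8, (9, 1): 4}

_VER = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")
_DES = re.compile(r"^[./0-9A-Za-z]{13}$")    # traditional DES crypt format
_XDES = re.compile(r"^_[./0-9A-Za-z]{19}$")  # extended DES format


def parse_version(banner):
    """Extract (major, minor, patch) from e.g. 'PostgreSQL 9.1.3 on x86_64-...'."""
    m = _VER.search(banner)
    if not m:
        raise ValueError("no version number in %r" % banner)
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def below_fixed_release(banner):
    """True/False for branches the advisory lists, None for any other branch."""
    major, minor, patch = parse_version(banner)
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return None  # assumption: no verdict where the advisory gives no threshold
    return patch < fixed


def is_des_crypt_hash(stored):
    """True if a stored crypt() value is in DES or extended-DES format."""
    return bool(_DES.match(stored) or _XDES.match(stored))


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real system.
    banners = (
        "PostgreSQL 9.1.3 on x86_64-unknown-linux-gnu",
        "PostgreSQL 8.4.12 on i686-pc-linux-gnu",
        "PostgreSQL 9.2.1 on x86_64-unknown-linux-gnu",
    )
    for banner in banners:
        print(banner.split(" on ")[0], "->", below_fixed_release(banner))
    hashes = ("abJnggxhB/yWI", "_J9..salt0123456789a", "$1$salt$notarealhashvalue000000")
    for h in hashes:
        print(h, "->", is_des_crypt_hash(h))
```

The version string would typically come from `SELECT version()`; hashes flagged by `is_des_crypt_hash` are the stored values to review in light of the truncation issue.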