
PostgreSQL < 8.4.11 / 9.0.7 / 9.1.3 Multiple Vulnerabilities

Medium

Synopsis

The remote database server is affected by multiple vulnerabilities.

Description

Versions of PostgreSQL earlier than 8.4.11 / 9.0.7 / 9.1.3 are potentially affected by the following vulnerabilities:

- Permissions on a function called by a trigger are not properly checked. (CVE-2012-0866)

- SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third party certificate authorities. (CVE-2012-0867)

- Line breaks in object names can be exploited to execute arbitrary SQL commands when reloading a pg_dump file. (CVE-2012-0868)
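The name-check truncation described for CVE-2012-0867, shown as a small C model next to a full-length comparison. This is an added example, not PostgreSQL's code or part of the advisory; the function names, the `CN_MAX` constant and the `.example` / `.test` host names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define CN_MAX 32  /* assumed buffer limit, modelling the 32-character truncation */

/* Constructed sample names: SERVER_HOST is exactly 32 characters long and
 * LONGER_CN is a different name that shares those first 32 characters. */
#define SERVER_HOST "db-primary-001.corp.site.example"
#define LONGER_CN   "db-primary-001.corp.site.example.other.test"

/* Flawed model: the certificate name is copied into a fixed-size buffer and
 * silently cut at CN_MAX, so only a prefix of it is ever compared. */
int match_truncated(const char *cert_cn, const char *host)
{
    char cn[CN_MAX + 1];
    size_t n = strlen(cert_cn);
    if (n > CN_MAX)
        n = CN_MAX;                 /* the defect: truncate instead of reject */
    memcpy(cn, cert_cn, n);
    cn[n] = '\0';
    return strcasecmp(cn, host) == 0;
}

/* Hardened model: compare the whole name, using the length taken from the
 * certificate, and refuse names that contain an embedded NUL byte. */
int match_full(const char *cert_cn, size_t cn_len, const char *host)
{
    if (memchr(cert_cn, '\0', cn_len) != NULL)
        return 0;                   /* embedded NUL would hide a suffix */
    if (cn_len != strlen(host))
        return 0;                   /* lengths differ: cannot be the same name */
    return strncasecmp(cert_cn, host, cn_len) == 0;
}

int main(void)
{
    printf("truncated check accepts longer name: %d\n",
           match_truncated(LONGER_CN, SERVER_HOST));
    printf("full check accepts longer name:      %d\n",
           match_full(LONGER_CN, strlen(LONGER_CN), SERVER_HOST));
    printf("full check accepts exact name:       %d\n",
           match_full(SERVER_HOST, strlen(SERVER_HOST), SERVER_HOST));
    return 0;
}
```

The truncating check treats two distinct names as equal once they agree on the first 32 characters, which is why the issue matters when a third-party certificate authority issues certificates for names outside the operator's control.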

Solution

Upgrade to PostgreSQL 8.4.12 / 9.0.8 / 9.1.4 or later.