DSA-1900-1 postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4 -- several
ID: oval:org.secpod.oval:def:600484 | Date: (C)2011-05-13 (M)2024-02-19 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in PostgreSQL, an SQL database system. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-3229: Authenticated users can shut down the backend server by re-LOAD-ing libraries in $libdir/plugins, if any libraries are present there.

CVE-2009-3230: Authenticated non-superusers can gain database superuser privileges if they can create functions and tables due to incorrect execution of functions in functional indexes.

CVE-2009-3231: If PostgreSQL is configured with LDAP authentication, and the LDAP configuration allows anonymous binds, it is possible for a user to authenticate themselves with an empty password.

In addition, this update contains reliability improvements which do not target security issues.

For the old stable distribution, these problems have been fixed in version 7.4.26-0etch1 of the postgresql-7.4 source package, and version 8.1.18-0etch1 of the postgresql-8.1 source package.

For the stable distribution, these problems have been fixed in version 8.3.8-0lenny1 of the postgresql-8.3 source package.

For the unstable distribution, these problems have been fixed in version 8.3.8-1 of the postgresql-8.3 source package, and version 8.4.1-1 of the postgresql-8.4 source package.

We recommend that you upgrade your PostgreSQL packages.
Platform: |
Debian 5.0 |
Debian 4.0 |
Product: |
postgresql-7.4 |
postgresql-8.1 |
postgresql-8.3 |
postgresql-8.4 |