MDVSA-2012:026 -- Mandriva postgresqlID: oval:org.secpod.oval:def:302874 | Date: (C)2012-12-11 (M)2024-02-19 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been discovered and corrected in postgresql: Permissions on a function called by a trigger are not properly checked . SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third party certificate authorities . Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pg_dump file . This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.
Platform: |
Mandriva Linux 2011.0 |
Mandriva Linux 2010.1 |