DSA-2491-1 postgresql-8.4 -- severalID: oval:org.secpod.oval:def:600827 | Date: (C)2012-06-21 (M)2024-03-20 |
Class: PATCH | Family: unix |
Two vulnerabilities were discovered in PostgreSQL, an SQL database server: CVE-2012-2143 The crypt function in the pgcrypto contrib module did not handle certain passwords correctly, ignoring characters after the first character which does not fall into the ASCII range. CVE-2012-2655 SECURITY DEFINER and SET attributes for a call handler of a procedural language could crash the database server. In addition, this update contains reliability and stability fixes from the 8.4.12 upstream release.