Thursday, April 04, 2013

[SECURITY] [DSA 2658-1] postgresql-9.1 security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2658-1                   security@debian.org
http://www.debian.org/security/                         Giuseppe Iuculano
April 04, 2013                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : postgresql-9.1
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1899 CVE-2013-1900 CVE-2013-1901
Debian Bug : 704479

Several vulnerabilities were discovered in the PostgreSQL database server.

CVE-2013-1899

Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center
discovered that a connection request containing a database name that
begins with "-" can be crafted to damage or destroy files within a
server's data directory. Anyone with access to the port the PostgreSQL
server listens on can initiate this request.

CVE-2013-1900

Random numbers generated by contrib/pgcrypto functions may be easy for
another database user to guess.

CVE-2013-1901

An unprivileged user could run commands that could interfere with
in-progress backups.

For the stable distribution (squeeze), postgresql-9.1 is not available.
DSA-2657-1 has been released for CVE-2013-1900 affecting postgresql-8.4.

For the testing distribution (wheezy), these problems have been fixed in
version 9.1.9-0wheezy1.

For the unstable distribution (sid), these problems have been fixed in
version 9.1.9-1.

We recommend that you upgrade your postgresql-9.1 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlFdiOoACgkQNxpp46476arL3gCfbt0Lqp7YSg4erOgv+GwM5Kxb
bQYAn2V5DjfmzTNOanLDYQDFuQHdO3+5
=Ptsq
-----END PGP SIGNATURE-----


Archive: http://lists.debian.org/20130404140634.GB6581@SD6-Casa.iuculano.it
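
As an added example (not part of the advisory and not PostgreSQL's own code), the Python code below shows a defender-side check for the CVE-2013-1899 condition: it parses a protocol 3.0 startup packet, as a proxy or packet-capture tool might, and flags a requested database name that begins with "-". The function names and the sample packets are constructed for illustration, and the check assumes the startup packet is seen unencrypted.

```python
import struct

PROTOCOL_3_0 = 196608     # (3 << 16) | 0: version field of a v3 StartupMessage
SSL_REQUEST = 80877103    # request code sent in place of a version before TLS

def parse_startup(packet: bytes):
    """Return the parameters of a v3 StartupMessage as a dict.

    Returns None for SSLRequest, CancelRequest and other protocol versions;
    raises ValueError when the framing is malformed.
    """
    if len(packet) < 8:
        raise ValueError("packet shorter than length + version header")
    length, code = struct.unpack("!II", packet[:8])
    if length != len(packet):          # the length field counts itself
        raise ValueError("length field does not match packet size")
    if code != PROTOCOL_3_0:
        return None
    # Body is name\0value\0 ... followed by one terminating \0.
    fields = packet[8:].split(b"\x00")
    if fields[-2:] != [b"", b""] or len(fields) % 2:
        raise ValueError("parameter list is not properly terminated")
    pairs = [f.decode("utf-8", "replace") for f in fields[:-2]]
    return dict(zip(pairs[0::2], pairs[1::2]))

def effective_database(params: dict) -> str:
    # The protocol defaults "database" to the user name when it is not sent.
    return params.get("database") or params.get("user", "")

def is_dash_database(packet: bytes) -> bool:
    """True when the packet requests a database whose name starts with '-'."""
    params = parse_startup(packet)
    return params is not None and effective_database(params).startswith("-")

def sample_startup(**params) -> bytes:
    """Frame constructed parameters as a StartupMessage (test input only)."""
    body = b"".join(k.encode() + b"\x00" + v.encode() + b"\x00"
                    for k, v in params.items()) + b"\x00"
    return struct.pack("!II", len(body) + 8, PROTOCOL_3_0) + body

if __name__ == "__main__":
    # Constructed samples, not captured traffic.
    for name, pkt in {
        "normal": sample_startup(user="app", database="appdb"),
        "dash database": sample_startup(user="app", database="-constructed"),
        "dash user, no database": sample_startup(user="-constructed"),
        "SSLRequest": struct.pack("!II", 8, SSL_REQUEST),
    }.items():
        print(f"{name}: flagged={is_dash_database(pkt)}")
```

A hit from this check is a reason to look at the source address and confirm the server is running a fixed version; it does not replace upgrading the package.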
