[SECURITY] [DSA 2630-1] postgresql-8.4 security update

2013-02-2021:03:23

lists.debian.org

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.016 Low

EPSS

Percentile

87.4%

JSON

Debian Security Advisory DSA-2630-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
February 20, 2013 http://www.debian.org/security/faq

Package : postgresql-8.4
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-0255

Sumit Soni discovered that PostgreSQL,an object-relational SQL database,
could be forced to crash when an internal function was called with
invalid arguments, resulting in denial of service.

For the stable distribution (squeeze), this problem has been fixed in
version 8.4.16-0squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 8.4.16-1.

For the unstable distribution (sid), this problem has been fixed in
version 8.4.16-1.

We recommend that you upgrade your postgresql-8.4 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6ia64libpgtypes3< 8.4.16-0squeeze1libpgtypes3_8.4.16-0squeeze1_ia64.deb
Debian6sparclibecpg-dev< 8.4.16-0squeeze1libecpg-dev_8.4.16-0squeeze1_sparc.deb
Debian6ia64libpq5< 8.4.16-0squeeze1libpq5_8.4.16-0squeeze1_ia64.deb
Debian6sparcpostgresql-pltcl-8.4< 8.4.16-0squeeze1postgresql-pltcl-8.4_8.4.16-0squeeze1_sparc.deb
Debian6mipslibpq-dev< 8.4.16-0squeeze1libpq-dev_8.4.16-0squeeze1_mips.deb
Debian6powerpclibpgtypes3< 8.4.16-0squeeze1libpgtypes3_8.4.16-0squeeze1_powerpc.deb
Debian6sparcpostgresql-server-dev-8.4< 8.4.16-0squeeze1postgresql-server-dev-8.4_8.4.16-0squeeze1_sparc.deb
Debian6armelpostgresql-client-8.4< 8.4.16-0squeeze1postgresql-client-8.4_8.4.16-0squeeze1_armel.deb
Debian6i386postgresql-8.4< 8.4.16-0squeeze1postgresql-8.4_8.4.16-0squeeze1_i386.deb
Debian6ia64postgresql-contrib-8.4< 8.4.16-0squeeze1postgresql-contrib-8.4_8.4.16-0squeeze1_ia64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	ia64	libpgtypes3	< 8.4.16-0squeeze1	libpgtypes3_8.4.16-0squeeze1_ia64.deb
Debian	6	sparc	libecpg-dev	< 8.4.16-0squeeze1	libecpg-dev_8.4.16-0squeeze1_sparc.deb
Debian	6	ia64	libpq5	< 8.4.16-0squeeze1	libpq5_8.4.16-0squeeze1_ia64.deb
Debian	6	sparc	postgresql-pltcl-8.4	< 8.4.16-0squeeze1	postgresql-pltcl-8.4_8.4.16-0squeeze1_sparc.deb
Debian	6	mips	libpq-dev	< 8.4.16-0squeeze1	libpq-dev_8.4.16-0squeeze1_mips.deb
Debian	6	powerpc	libpgtypes3	< 8.4.16-0squeeze1	libpgtypes3_8.4.16-0squeeze1_powerpc.deb
Debian	6	sparc	postgresql-server-dev-8.4	< 8.4.16-0squeeze1	postgresql-server-dev-8.4_8.4.16-0squeeze1_sparc.deb
Debian	6	armel	postgresql-client-8.4	< 8.4.16-0squeeze1	postgresql-client-8.4_8.4.16-0squeeze1_armel.deb
Debian	6	i386	postgresql-8.4	< 8.4.16-0squeeze1	postgresql-8.4_8.4.16-0squeeze1_i386.deb
Debian	6	ia64	postgresql-contrib-8.4	< 8.4.16-0squeeze1	postgresql-contrib-8.4_8.4.16-0squeeze1_ia64.deb