[SECURITY] [DSA 2657-1] postgresql-8.4 security update

2013-04-0413:47:32

lists.debian.org

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.008 Low

EPSS

Percentile

81.8%

JSON

Debian Security Advisory DSA-2657-1 [email protected]
http://www.debian.org/security/ Giuseppe Iuculano
April 04, 2013 http://www.debian.org/security/faq

Package : postgresql-8.4
Vulnerability : guessable random numbers
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1900

A vulnerability was discovered in PostgreSQL database server. Random numbers
generated by contrib/pgcrypto functions may be easy for another database user
to guess.

For the stable distribution (squeeze), this problem has been fixed in
version 8.4.17-0squeeze1.

For the testing (wheezy) and unstable distribution (sid), postgresql-8.4
packages have been removed; in those, this problem has been fixed in
postgresql-9.1 9.1.9-0wheezy1 (wheezy), and 9.1.9-1 (sid) respectively.

NOTE: postgresql-8.4 in Squeeze is not affected by CVE-2013-1899 (database
files corruption) and CVE-2013-1901 (unprivileged user can interfere with
in-progress backups).

We recommend that you upgrade your postgresql-8.4 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7kfreebsd-i386postgresql-9.1-dbg< 9.1.9-0wheezy1postgresql-9.1-dbg_9.1.9-0wheezy1_kfreebsd-i386.deb
Debian7sparcpostgresql-pltcl-9.1< 9.1.9-0wheezy1postgresql-pltcl-9.1_9.1.9-0wheezy1_sparc.deb
Debian7armellibecpg-compat3< 9.1.9-0wheezy1libecpg-compat3_9.1.9-0wheezy1_armel.deb
Debian7ia64postgresql-client-9.1< 9.1.9-0wheezy1postgresql-client-9.1_9.1.9-0wheezy1_ia64.deb
Debian6sparcpostgresql-plperl-8.4< 8.4.17-0squeeze1postgresql-plperl-8.4_8.4.17-0squeeze1_sparc.deb
Debian6amd64postgresql-8.4< 8.4.17-0squeeze1postgresql-8.4_8.4.17-0squeeze1_amd64.deb
Debian7mipslibecpg-compat3< 9.1.9-0wheezy1libecpg-compat3_9.1.9-0wheezy1_mips.deb
Debian7s390xpostgresql-plpython-9.1< 9.1.9-0wheezy1postgresql-plpython-9.1_9.1.9-0wheezy1_s390x.deb
Debian6ia64postgresql-8.4< 8.4.17-0squeeze1postgresql-8.4_8.4.17-0squeeze1_ia64.deb
Debian7armhfpostgresql-9.1-dbg< 9.1.9-0wheezy1postgresql-9.1-dbg_9.1.9-0wheezy1_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	kfreebsd-i386	postgresql-9.1-dbg	< 9.1.9-0wheezy1	postgresql-9.1-dbg_9.1.9-0wheezy1_kfreebsd-i386.deb
Debian	7	sparc	postgresql-pltcl-9.1	< 9.1.9-0wheezy1	postgresql-pltcl-9.1_9.1.9-0wheezy1_sparc.deb
Debian	7	armel	libecpg-compat3	< 9.1.9-0wheezy1	libecpg-compat3_9.1.9-0wheezy1_armel.deb
Debian	7	ia64	postgresql-client-9.1	< 9.1.9-0wheezy1	postgresql-client-9.1_9.1.9-0wheezy1_ia64.deb
Debian	6	sparc	postgresql-plperl-8.4	< 8.4.17-0squeeze1	postgresql-plperl-8.4_8.4.17-0squeeze1_sparc.deb
Debian	6	amd64	postgresql-8.4	< 8.4.17-0squeeze1	postgresql-8.4_8.4.17-0squeeze1_amd64.deb
Debian	7	mips	libecpg-compat3	< 9.1.9-0wheezy1	libecpg-compat3_9.1.9-0wheezy1_mips.deb
Debian	7	s390x	postgresql-plpython-9.1	< 9.1.9-0wheezy1	postgresql-plpython-9.1_9.1.9-0wheezy1_s390x.deb
Debian	6	ia64	postgresql-8.4	< 8.4.17-0squeeze1	postgresql-8.4_8.4.17-0squeeze1_ia64.deb
Debian	7	armhf	postgresql-9.1-dbg	< 9.1.9-0wheezy1	postgresql-9.1-dbg_9.1.9-0wheezy1_armhf.deb