8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.008 Low
EPSS
Percentile
81.8%
Debian Security Advisory DSA-2657-1 [email protected]
http://www.debian.org/security/ Giuseppe Iuculano
April 04, 2013 http://www.debian.org/security/faq
Package : postgresql-8.4
Vulnerability : guessable random numbers
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1900
A vulnerability was discovered in PostgreSQL database server. Random numbers
generated by contrib/pgcrypto functions may be easy for another database user
to guess.
For the stable distribution (squeeze), this problem has been fixed in
version 8.4.17-0squeeze1.
For the testing (wheezy) and unstable distribution (sid), postgresql-8.4
packages have been removed; in those, this problem has been fixed in
postgresql-9.1 9.1.9-0wheezy1 (wheezy), and 9.1.9-1 (sid) respectively.
NOTE: postgresql-8.4 in Squeeze is not affected by CVE-2013-1899 (database
files corruption) and CVE-2013-1901 (unprivileged user can interfere with
in-progress backups).
We recommend that you upgrade your postgresql-8.4 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | kfreebsd-i386 | postgresql-9.1-dbg | < 9.1.9-0wheezy1 | postgresql-9.1-dbg_9.1.9-0wheezy1_kfreebsd-i386.deb |
Debian | 7 | sparc | postgresql-pltcl-9.1 | < 9.1.9-0wheezy1 | postgresql-pltcl-9.1_9.1.9-0wheezy1_sparc.deb |
Debian | 7 | armel | libecpg-compat3 | < 9.1.9-0wheezy1 | libecpg-compat3_9.1.9-0wheezy1_armel.deb |
Debian | 7 | ia64 | postgresql-client-9.1 | < 9.1.9-0wheezy1 | postgresql-client-9.1_9.1.9-0wheezy1_ia64.deb |
Debian | 6 | sparc | postgresql-plperl-8.4 | < 8.4.17-0squeeze1 | postgresql-plperl-8.4_8.4.17-0squeeze1_sparc.deb |
Debian | 6 | amd64 | postgresql-8.4 | < 8.4.17-0squeeze1 | postgresql-8.4_8.4.17-0squeeze1_amd64.deb |
Debian | 7 | mips | libecpg-compat3 | < 9.1.9-0wheezy1 | libecpg-compat3_9.1.9-0wheezy1_mips.deb |
Debian | 7 | s390x | postgresql-plpython-9.1 | < 9.1.9-0wheezy1 | postgresql-plpython-9.1_9.1.9-0wheezy1_s390x.deb |
Debian | 6 | ia64 | postgresql-8.4 | < 8.4.17-0squeeze1 | postgresql-8.4_8.4.17-0squeeze1_ia64.deb |
Debian | 7 | armhf | postgresql-9.1-dbg | < 9.1.9-0wheezy1 | postgresql-9.1-dbg_9.1.9-0wheezy1_armhf.deb |