Lucene search

K
gentooGentoo FoundationGLSA-201209-24
HistorySep 28, 2012 - 12:00 a.m.

PostgreSQL: Multiple vulnerabilities

2012-09-2800:00:00
Gentoo Foundation
security.gentoo.org
19

0.012 Low

EPSS

Percentile

85.2%

Background

PostgreSQL is an open source object-relational database management system.

Description

Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could spoof SSL connections. Furthermore, a remote authenticated attacker could cause a Denial of Service, read and write arbitrary files, inject SQL commands into dump scripts, or bypass database restrictions to execute database functions.

A context-dependent attacker could more easily obtain access via authentication attempts with an initial substring of the intended password.

Workaround

There is no known workaround at this time.

Resolution

All PostgreSQL 9.1 server users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.1.5"

All PostgreSQL 9.0 server users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.0.9"

All PostgreSQL 8.4 server users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-8.4.13"

All PostgreSQL 8.3 server users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-8.3.20"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-db/postgresql-server< 9.1.5UNKNOWN