postgresql-7.4 postgresql-8.1 postgresql-8.3 - several vulnerabilities

2009-12-3100:00:00

Google

osv.dev

0.023 Low

EPSS

Percentile

89.8%

JSON

Several vulnerabilities have been discovered in PostgreSQL, a database
server. The Common Vulnerabilities and Exposures project identifies
the following problems:

It was discovered that PostgreSQL did not properly verify the Common
Name attribute in X.509 certificates, enabling attackers to bypass the
(optional) TLS protection on client-server connections, by relying on
a certificate from a trusted CA which contains an embedded NUL byte in
the Common Name (CVE-2009-4034).

Authenticated database users could elevate their privileges by
creating specially-crafted index functions (CVE-2009-4136).

The following matrix shows fixed source package versions for the
respective distributions.

	oldstable/etch	stable/lenny	testing/unstable
postgresql-7.4	7.4.27-0etch1
postgresql-8.1	8.1.19-0etch1
postgresql-8.3		8.3.9-0lenny1	8.3.9-1
postgresql-8.4			8.4.2-1

In addition to these security fixes, the updates contain reliability
improvements and fix other defects.

We recommend that you upgrade your PostgreSQL packages.

CPENameOperatorVersion
postgresql-8.3eq8.3.6-1
postgresql-8.3eq8.3.5-1
postgresql-8.3eq8.3.9-0lenny1~bpo40+1
postgresql-8.3eq8.3.8-0lenny1
postgresql-8.3eq8.3.7-1
postgresql-8.3eq8.3.8-0lenny1~bpo40+1
postgresql-8.3eq8.3.5-2
postgresql-8.3eq8.3.7-0lenny1~bpo40+1
postgresql-8.3eq8.3.7-0lenny1
postgresql-8.3eq8.3.8-1+sh4

Name	Operator	Version
postgresql-8.3	eq	8.3.6-1
postgresql-8.3	eq	8.3.5-1
postgresql-8.3	eq	8.3.9-0lenny1~bpo40+1
postgresql-8.3	eq	8.3.8-0lenny1
postgresql-8.3	eq	8.3.7-1
postgresql-8.3	eq	8.3.8-0lenny1~bpo40+1
postgresql-8.3	eq	8.3.5-2
postgresql-8.3	eq	8.3.7-0lenny1~bpo40+1
postgresql-8.3	eq	8.3.7-0lenny1
postgresql-8.3	eq	8.3.8-1+sh4