5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
magnum discovered that the blowfish password hashing used amongst
others in PostgreSQL contained a weakness that would give passwords
with 8 bit characters the same hash as weaker equivalents.
For the oldstable distribution (lenny), this problem has been fixed in
postgresql-8.3 version 8.3.16-0lenny1.
For the stable distribution (squeeze), this problem has been fixed in
postgresql-8.4 version 8.4.9-0squeeze1.
For the testing distribution (wheezy) and unstable distribution (sid),
this problem has been fixed in postgresql-8.4 version 8.4.9-1,
postgresql-9.0 9.0.5-1 and postgresql-9.1 9.1~rc1-1.
The updates also include reliability improvements, originally scheduled
for inclusion into the next point release; for details see the respective
changelogs.
We recommend that you upgrade your postgresql packages.