OSV:DSA-2491-1

postgresql-8.4 - several

Published: 2012-06-09 00:00:00
Source: Google (osv.dev)

CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:N)

  Access Vector:          NETWORK
  Access Complexity:      MEDIUM
  Authentication:         NONE
  Confidentiality Impact: NONE
  Integrity Impact:       PARTIAL
  Availability Impact:    NONE

EPSS: 0.012 Low (percentile 83.3%)

Two vulnerabilities were discovered in PostgreSQL, an SQL database
server:

  • CVE-2012-2143
    The crypt(text, text) function in the pgcrypto contrib module
    did not handle certain passwords correctly when producing
    traditional DES-based hashes. Characters after the first
    0x80 byte were ignored.
  • CVE-2012-2655
    SECURITY DEFINER and SET attributes for a call handler of a
    procedural language could crash the database server.

In addition, this update contains reliability and stability fixes from
the 8.4.12 upstream release.

For the stable distribution (squeeze), this problem has been fixed in
version 8.4.12-0squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 8.4.12-1.

We recommend that you upgrade your postgresql-8.4 packages.
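
To help judge exposure to CVE-2012-2143, the following added example (not part of the advisory and not pgcrypto's code) models the described truncation and flags passwords whose tail the pre-fix crypt() would have ignored, and recognises stored values with the traditional DES hash shape. The function names and sample values are constructed for illustration; it assumes UTF-8 encoded passwords and the 8-byte key limit of traditional DES crypt.

```python
import re

# Shape of a traditional DES crypt hash: 2 salt + 11 hash characters.
_DES_HASH = re.compile(r"[./0-9A-Za-z]{13}")
DES_KEY_BYTES = 8  # traditional DES crypt uses only the first 8 password bytes


def is_traditional_des_hash(stored: str) -> bool:
    """True if a stored value looks like a traditional DES crypt hash
    (MD5 '$1$', Blowfish '$2a$' and extended DES '_' formats do not match)."""
    return _DES_HASH.fullmatch(stored) is not None


def effective_key(password: bytes, buggy: bool) -> bytes:
    """Password bytes that influence the hash. buggy=True models the advisory's
    description: bytes after the first 0x80 byte are ignored (assumption: this
    is a model of the described behaviour, not pgcrypto's code)."""
    key = password[:DES_KEY_BYTES]
    if buggy:
        cut = key.find(b"\x80")
        if cut != -1:
            key = key[: cut + 1]
    return key


def weakened_by_bug(password: bytes) -> bool:
    """True if the pre-fix crypt() would have ignored part of this password."""
    return effective_key(password, True) != effective_key(password, False)


if __name__ == "__main__":
    # Constructed sample passwords; U+00C0 encodes to C3 80 in UTF-8,
    # U+20AC (euro sign) encodes to E2 82 AC and contains no 0x80 byte.
    samples = ["caf\u00c0one", "caf\u00c0two", "\u20acuro", "12345678\u00c0", "plain"]
    for pw in samples:
        raw = pw.encode("utf-8")
        print(f"{pw!r:14} weakened={weakened_by_bug(raw)!s:5} "
              f"pre-fix key={effective_key(raw, True)!r}")
    # Constructed stored values: only the first has the traditional DES shape.
    for h in ["abJnggxhB/yJw", "$1$abcdefgh$0123456789abcdefghijkl"]:
        print(f"{h!r}: traditional DES = {is_traditional_des_hash(h)}")
```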
