postgresql: Improper user privilege check for on-line backups

PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the 1 pgstartbackup or 2 pgstopbackup functions...

Amazon Linux AMI : postgresql9 (ALAS-2013-178)

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service file corruption, and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection...

Mandriva Linux Security Advisory : postgresql (MDVSA-2013:142)

Multiple vulnerabilities has been discovered and corrected in postgresql : PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enumrecv function in backend/utils/adt/enum.c, which causes it to be invoke...

CVE-2013-1901

CVE-2013-1901 concerns PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9, where REPLICATION privilege checks fail to verify that the current user is authenticated. This allows remote authenticated users to bypass backup restrictions by invoking pg_start_backup() or pg_stop_backup(), potentiall...