Oval Definition:oval:org.mitre.oval:def:13708
Revision Date:2015-02-23Version:22
Title:DSA-1900-1 postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4 -- several
Description:Several vulnerabilities have been discovered in PostgreSQL, an SQL database system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3229 Authenticated users can shut down the backend server by re-LOAD-ing libraries in $libdir/plugins, if any libraries are present there. CVE-2009-3230 Authenticated non-superusers can gain database superuser privileges if they can create functions and tables due to incorrect execution of functions in functional indexes. CVE-2009-3231 If PostgreSQL is configured with LDAP authentication, and the LDAP configuration allows anonymous binds, it is possible for a user to authenticate themselves with an empty password. In addition, this update contains reliability improvements which do not target security issues. For the old stable distribution, these problems have been fixed in version 1:7.4.26-0etch1 of the postgresql-7.4 source package, and version 8.1.18-0etch1 of the postgresql-8.1 source package. For the stable distribution, these problems have been fixed in version 8.3.8-0lenny1 of the postgresql-8.3 source package. For the unstable distribution, these problems have been fixed in version 8.3.8-1 of the postgresql-8.3 source package, and version 8.4.1-1 of the postgresql-8.4 source package. We recommend that you upgrade your PostgreSQL packages.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-3229
CVE-2009-3230
CVE-2009-3231
DSA-1900-1
Platform(s):Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s):postgresql-7.4
postgresql-8.1
postgresql-8.3
postgresql-8.4
Definition Synopsis
  • Release section
  • Debian GNU/Linux 5.0 is installed
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • postgresql-doc DPKG is earlier than 8.3.8-0lenny1
  • OR postgresql-doc-8.3 DPKG is earlier than 8.3.8-0lenny1
  • OR postgresql-contrib DPKG is earlier than 8.3.8-0lenny1
  • OR postgresql-client DPKG is earlier than 8.3.8-0lenny1
  • OR postgresql DPKG is earlier than 8.3.8-0lenny1
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is s390
  • OR Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is armel
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND Packages section
  • postgresql-client-8.3 DPKG is earlier than 8.3.8-0lenny1
  • OR postgresql-plperl-8.3 DPKG is earlier than 8.3.8-0lenny1
  • OR postgresql-8.3 DPKG is earlier than 8.3.8-0lenny1
  • OR libecpg6 DPKG is earlier than 8.3.8-0lenny1
  • OR libpq-dev DPKG is earlier than 8.3.8-0lenny1
  • OR postgresql-plpython-8.3 DPKG is earlier than 8.3.8-0lenny1
  • OR postgresql-pltcl-8.3 DPKG is earlier than 8.3.8-0lenny1
  • OR postgresql-server-dev-8.3 DPKG is earlier than 8.3.8-0lenny1
  • OR libecpg-dev DPKG is earlier than 8.3.8-0lenny1
  • OR postgresql-contrib-8.3 DPKG is earlier than 8.3.8-0lenny1
  • OR libpq5 DPKG is earlier than 8.3.8-0lenny1
  • OR libpgtypes3 DPKG is earlier than 8.3.8-0lenny1
  • OR libecpg-compat3 DPKG is earlier than 8.3.8-0lenny1
  • OR Release section
  • Debian GNU/Linux 4.0 is installed.
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • postgresql-doc-8.1 DPKG is earlier than 8.1.18-0etch1
  • OR postgresql-server-dev-7.4 DPKG is earlier than 1:7.4.26-0etch1
  • OR postgresql-doc-7.4 DPKG is earlier than 1:7.4.26-0etch1
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is s390
  • OR Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is hppa
  • AND Packages section
  • postgresql-7.4 DPKG is earlier than 1:7.4.26-0etch1
  • OR postgresql-client-8.1 DPKG is earlier than 8.1.18-0etch1
  • OR postgresql-8.1 DPKG is earlier than 8.1.18-0etch1
  • OR postgresql-plperl-7.4 DPKG is earlier than 1:7.4.26-0etch1
  • OR postgresql-plpython-7.4 DPKG is earlier than 1:7.4.26-0etch1
  • OR postgresql-contrib-8.1 DPKG is earlier than 8.1.18-0etch1
  • OR postgresql-contrib-7.4 DPKG is earlier than 1:7.4.26-0etch1
  • OR libecpg5 DPKG is earlier than 8.1.18-0etch1
  • OR postgresql-pltcl-8.1 DPKG is earlier than 8.1.18-0etch1
  • OR postgresql-client-7.4 DPKG is earlier than 1:7.4.26-0etch1
  • OR postgresql-plpython-8.1 DPKG is earlier than 8.1.18-0etch1
  • OR postgresql-server-dev-8.1 DPKG is earlier than 8.1.18-0etch1
  • OR libecpg-dev DPKG is earlier than 8.1.18-0etch1
  • OR libpgtypes2 DPKG is earlier than 8.1.18-0etch1
  • OR libpq4 DPKG is earlier than 8.1.18-0etch1
  • OR libpq-dev DPKG is earlier than 8.1.18-0etch1
  • OR postgresql-plperl-8.1 DPKG is earlier than 8.1.18-0etch1
  • OR postgresql-pltcl-7.4 DPKG is earlier than 1:7.4.26-0etch1
  • OR libecpg-compat2 DPKG is earlier than 8.1.18-0etch1
  • OR Architecture depended section
  • Installed architecture is mipsel
  • AND Packages section
  • postgresql-client-8.1 DPKG is earlier than 8.1.18-0etch1
  • OR postgresql-8.1 DPKG is earlier than 8.1.18-0etch1
  • OR postgresql-contrib-8.1 DPKG is earlier than 8.1.18-0etch1
  • OR libecpg5 DPKG is earlier than 8.1.18-0etch1
  • OR postgresql-pltcl-8.1 DPKG is earlier than 8.1.18-0etch1
  • OR postgresql-server-dev-8.1 DPKG is earlier than 8.1.18-0etch1
  • OR postgresql-plpython-8.1 DPKG is earlier than 8.1.18-0etch1
  • OR libecpg-dev DPKG is earlier than 8.1.18-0etch1
  • OR libpgtypes2 DPKG is earlier than 8.1.18-0etch1
  • OR libpq4 DPKG is earlier than 8.1.18-0etch1
  • OR libpq-dev DPKG is earlier than 8.1.18-0etch1
  • OR postgresql-plperl-8.1 DPKG is earlier than 8.1.18-0etch1
  • OR libecpg-compat2 DPKG is earlier than 8.1.18-0etch1
  • BACK