| Revision Date: | 2014-06-23 | Version: | 19 |
| Title: | DSA-2418-1 postgresql-8.4 -- several |
| Description: | Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-0866 It was discovered that the permissions of a function called by a trigger are not checked. This could result in privilege escalation. CVE-2012-0867 It was discovered that only the first 32 characters of a host name are checked when validating host names through SSL certificates. This could result in spoofing the connection in limited circumstances. CVE-2012-0868 It was discovered that pg_dump did not sanitise object names. This could result in arbitrary SQL command execution if a malformed dump file is opened. |
| Family: | unix | Class: | patch |
| Status: | ACCEPTED | Reference(s): | CVE-2012-0866
CVE-2012-0867
CVE-2012-0868
DSA-2418-1
|
| Platform(s): | Debian GNU/kFreeBSD 6.0
Debian GNU/Linux 6.0
| Product(s): | postgresql-8.4
|
| Definition Synopsis |
| Debian 6.0 is installed AND GNU/Linux or GNU/kFreeBSD kernel
Debian GNU/Linux is installed
OR Debian GNU/kFreeBSD is installed
AND Installed architecture is all
AND postgresql-8.4 DPKG is earlier than 8.4.11-0squeeze1
|