Oval Definition:	oval:org.mitre.oval:def:6869
Revision Date: 2015-02-23 Version: 21 Title: DSA-1964 postgresql-7.4, postgresql-8.1, postgresql-8.3 -- several vulnerabilities Description: Several vulnerabilities have been discovered in PostgreSQL, a database server. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that PostgreSQL did not properly verify the Common Name attribute in X.509 certificates, enabling attackers to bypass the TLS protection on client-server connections, by relying on a certificate from a trusted CA which contains an embedded NUL byte in the Common Name. Authenticated database users could elevate their privileges by creating specially-crafted index functions. The following matrix shows fixed source package versions for the respective distributions. In addition to these security fixes, the updates contain reliability improvements and fix other defects. We recommend that you upgrade your PostgreSQL packages. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2009-4034 CVE-2009-4136 DSA-1964 Platform(s): Debian GNU/Linux 4.0 Debian GNU/Linux 5.0 Product(s): postgresql-7.4 postgresql-8.1 postgresql-8.3 Definition Synopsis Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section postgresql-doc-8.3 is earlier than 8.3.9-0lenny1 OR postgresql-doc is earlier than 8.3.9-0lenny1 OR postgresql-client is earlier than 8.3.9-0lenny1 OR postgresql is earlier than 8.3.9-0lenny1 OR postgresql-contrib is earlier than 8.3.9-0lenny1 OR Architecture dependent section Supported architectures section Installed architecture is s390 OR Installed architecture is amd64 OR Installed architecture is sparc OR Installed architecture is arm OR Installed architecture is i386 OR Installed architecture is armel OR Installed architecture is mips OR Installed architecture is ia64 OR Installed architecture is alpha OR Installed architecture is powerpc OR Installed architecture is mipsel OR Installed architecture is hppa AND Packages section postgresql-client-8.3 is earlier than 8.3.9-0lenny1 OR postgresql-plperl-8.3 is earlier than 8.3.9-0lenny1 OR postgresql-8.3 is earlier than 8.3.9-0lenny1 OR libecpg6 is earlier than 8.3.9-0lenny1 OR libpq-dev is earlier than 8.3.9-0lenny1 OR postgresql-plpython-8.3 is earlier than 8.3.9-0lenny1 OR postgresql-contrib-8.3 is earlier than 8.3.9-0lenny1 OR postgresql-server-dev-8.3 is earlier than 8.3.9-0lenny1 OR libecpg-dev is earlier than 8.3.9-0lenny1 OR postgresql-pltcl-8.3 is earlier than 8.3.9-0lenny1 OR libpq5 is earlier than 8.3.9-0lenny1 OR libpgtypes3 is earlier than 8.3.9-0lenny1 OR libecpg-compat3 is earlier than 8.3.9-0lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section postgresql-doc-8.1 is earlier than 8.1.19-0etch1 OR postgresql-server-dev-7.4 is earlier than 1:7.4.27-0etch1 OR postgresql-doc-7.4 is earlier than 1:7.4.27-0etch1 OR postgresql-7.4 is earlier than 1:7.4.27-0etch1 OR postgresql-client-8.1 is earlier than 8.1.19-0etch1 OR postgresql-8.1 is earlier than 8.1.19-0etch1 OR libpq-dev is earlier than 8.1.19-0etch1 OR postgresql-plpython-7.4 is earlier than 1:7.4.27-0etch1 OR postgresql-contrib-8.1 is earlier than 8.1.19-0etch1 OR postgresql-contrib-7.4 is earlier than 1:7.4.27-0etch1 OR libecpg5 is earlier than 8.1.19-0etch1 OR postgresql-pltcl-8.1 is earlier than 8.1.19-0etch1 OR postgresql-client-7.4 is earlier than 1:7.4.27-0etch1 OR libpgtypes2 is earlier than 8.1.19-0etch1 OR postgresql-server-dev-8.1 is earlier than 8.1.19-0etch1 OR libecpg-dev is earlier than 8.1.19-0etch1 OR postgresql-plpython-8.1 is earlier than 8.1.19-0etch1 OR libpq4 is earlier than 8.1.19-0etch1 OR postgresql-plperl-7.4 is earlier than 1:7.4.27-0etch1 OR postgresql-plperl-8.1 is earlier than 8.1.19-0etch1 OR postgresql-pltcl-7.4 is earlier than 1:7.4.27-0etch1 OR libecpg-compat2 is earlier than 8.1.19-0etch1
BACK